| Real Name | Gjoko Krstic |
|---|---|
| Email address | private |
| First Active | 2007-07-26 |
| Last Active | 2020-11-16 |
RED-V Super Digital Signage System RXV-A740R is vulnerable to a sensitive information disclosure vulnerability. An unauthenticated attacker can visit several endpoints and disclose the webserver's log file list containing sensitive system resources and debug log information running on the device.
e1d1ea37410444110d5c4be18ea30b60iDS6 DSSPro Digital Signage System version 6.2 suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the console or by insecure direct object references to hidden functionalities that can result in creating users, modifying roles and permissions and full takeover of the application.
e3500a490fb570726141f18d28cdea4aThe CAPTCHA function for iDS6 DSSPro Digital Signage System version 6.2 is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the autoLoginVerifyCode object an attacker can receive a JSON message code and successfully bypass the CAPTCHA-based authentication challenge and perform brute-force attacks.
63ad9696454afc1b19e579a677c06b40iDS6 DSSPro Digital Signage System version 6.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
207d76baf968933618e1083a7fd98079iDS6 DSSPro Digital Signage System version 6.2 suffers from a cleartext transmission/storage of sensitive information in a cookie when using the Remember (autoSave=true) feature. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.
6e74f91319785d9d2dc39fb672f1d06bTDM Digital Signage Windows Player version 4.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice.
9f69935f116659d2b0dbfb1b919205fcAdtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and solutions. Many of their devices utilize hard-coded and default credentials within its Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in using the default credentials for accessing the web interface or gain shell access as root.
063154d6c7521ecfedc183b52625d739ReQuest Serious Play F3 Media Server version 7.0.3 suffers from an unauthenticated remote code execution vulnerability. Abusing the hidden ReQuest Internal Utilities page (/tools) from the services provided, an attacker can exploit the Quick File Uploader (/tools/upload.html) page and upload PHP executable files that results in remote code execution as the web server user.
27df19dca8c37dc3db671041baa681bfReQuest Serious Play F3 Media Server version 7.0.3 suffers from a denial of service vulnerability. The device can be shutdown or rebooted by an unauthenticated attacker when issuing one HTTP GET request.
7e4935c15e1a6e632932f0aa3b9ab22aReQuest Serious Play F3 Media Server version 7.0.3 suffers from a debug log disclosure vulnerability. An unauthenticated attacker can visit the message_log page and disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device.
0b0576d8b889a02c9607020a2a342a98ReQuest Serious Play Media Player version 3.0 suffers from an unauthenticated file disclosure vulnerability when input passed through the file parameter in tail.html and file.html script is not properly verified before being used to read web log files. This can be exploited to disclose contents of files from local resources.
89e3f397315931eb686bb1c49abbbdcaA security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. Digest authentication uses a "nonce" value to mitigate replay attacks. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.
b8446c244573df9229e023dd4a04307dBACNet Test Server version 1.01 suffers from a denial of service vulnerability when sending a malformed BVLC Length UDP packet to port 47808 which causes the application to crash.
c18e464a43c74a4f96d0a72d9e0d01bdSony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be exploited to cause a stack-based buffer overflow when a user issues a POST request to connect to a malicious FTP server. Successful exploitation could allow execution of arbitrary code on the affected device or cause denial of service scenario.
f3c26902b184bef531fb09e991e41a65BrightSign Digital Signage Diagnostic Web Server version 8.2.26 suffers from an unauthenticated server-side request forgery vulnerability.
296bf65f30621b25981d6cb6556e0e99SpinetiX Fusion Digital Signage version 3.4.8 suffers from an authenticated path traversal vulnerability. Input passed via several parameters in index.php script is not properly verified before being used to create and delete files. This can be exploited to write backup files to an arbitrary location and/or delete arbitrary files via traversal attacks.
7f728d906bc879ebc132cb19c060a6c2SpinetiX Fusion Digital Signage version 3.4.8 suffers from a database backup disclosure vulnerability.
bd78c5ac803733307c42b810b4232217SpinetiX Fusion Digital Signage version 3.4.8 suffers from a cross site request forgery vulnerability.
b11d34cdcd9290c7637a7fddb59c490cSpinetiX Fusion Digital Signage versions 3.4.8 and below suffer from a username enumeration vulnerability.
0f397d0c453903fc6da9856dc936c6ebB-swiss 3 Digital Signage System version 3.6.5 suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused due to the improper verification of uploaded files in index.php script thru the rec_poza POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the /usr/users directory. Due to an undocumented and hidden maintenance account admin_m which has the highest privileges in the application, an attacker can use these hard-coded credentials to authenticate and use the vulnerable image upload functionality to execute code on the server.
b8122e7dc5d8a3a0549b1366c4226983B-swiss 3 Digital Signage System version 3.6.5 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
31d83019ab8016cf568904060791896fB-swiss 3 Digital Signage System version 3.6.5 is vulnerable to an unauthenticated database download and information disclosure vulnerability. This can enable the attacker to disclose sensitive information resulting in authentication bypass, session hijacking and full system control.
1175b32ecdd1ad1b9b42a4c5bc9c5d4cEibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation and authentication and gives the attacker the ability to create any user with any role and bypass the security control in place and modify presented data on the screen/billboard.
fd7bb44dd6320c3825c09283301d799eEibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
48bcb45f0b05d6750b03ec9ce8698dc6Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.
3841e73f5ee30c4a0b8a1d02dac070da
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed