Information Paradox

7 exploits, active since Dec 2014
CVE-2017-17738 EXPLOITDB HIGH text WRITEUP
BrightSign Digital Signage <4k242 - Path Traversal
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.
CVSS 7.5
CVE-2017-17737 EXPLOITDB MEDIUM text WRITEUP
BrightSign 4K242 Firmware < 6.2.63 - Cross-Site Scripting via REF Parameter
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.
CVSS 6.1
CVE-2014-9141 EXPLOITDB text WRITEUP
Thomson Reuters Fixed Assets CS <13.1.4 - Code Injection
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
EIP-2026-116985 EXPLOITDB text WRITEUP
CompuSource Systems Real Time Home Banking - Local Privilege Escalation
CVE-2014-9113 EXPLOITDB text WRITEUP
CCH Wolters Kluwer ProSystem fx Engagement <7.1 - Privilege Escalation
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file.
CVE-2017-17759 EXPLOITDB CRITICAL text WRITEUP
Conarc iChannel - Unauthenticated Sensitive Information Exposure and Denial of Service via wc.dll EditConfig Request
Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service).
CVSS 9.8
CVE-2017-17739 EXPLOITDB CRITICAL text WRITEUP
BrightSign 4k242 Firmware < 6.2.63 - Path Traversal and Arbitrary File Write via /storage.html rp Parameter
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
CVSS 9.8