Simon Brannstrom - Security Researcher - Exploit Intelligence Platform

CVE-2017-12929 EXPLOITDB HIGH WRITEUP

Tecnovision Dlx Spot Player4 - Unrestricted File Upload

Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.

CVSS 8.8

View Code

CVE-2017-12929 EXPLOITDB HIGH text WORKING POC

Tecnovision Dlx Spot Player4 - Unrestricted File Upload

Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.

CVSS 8.8

View Code

CVE-2017-12930 EXPLOITDB CRITICAL text WRITEUP

Tecnovision Dlx Spot Player4 - SQL Injection

SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.

CVSS 9.8

View Code

CVE-2017-12930 EXPLOITDB CRITICAL text WRITEUP

Tecnovision Dlx Spot Player4 - SQL Injection

SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.

CVSS 9.8

View Code

EIP-2026-101595 EXPLOITDB text WORKING POC

Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection

View Code