singularitysec

6 exploits Active since Dec 2014
CVE-2017-17738 EXPLOITDB HIGH text WRITEUP
BrightSign Digital Signage <4k242 - Path Traversal
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.
CVSS 7.5
CVE-2017-17737 EXPLOITDB MEDIUM text WRITEUP
Brightsign 4k242 Firmware < 6.2.63 - XSS
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.
CVSS 6.1
CVE-2014-9141 EXPLOITDB text WRITEUP
Thomson Reuters Fixed Assets CS <13.1.4 - Code Injection
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
CVE-2014-9113 EXPLOITDB text WRITEUP
CCH Wolters Kluwer ProSystem fx Engagement <7.1 - Privilege Escalation
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file.
EIP-2026-116985 EXPLOITDB text WRITEUP
CompuSource Systems Real Time Home Banking - Local Privilege Escalation
CVE-2017-17739 EXPLOITDB CRITICAL text WRITEUP
Brightsign 4k242 Firmware < 6.2.63 - Path Traversal
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
CVSS 9.8