The following is a list of my collected CVE's
- CVE-2024-27120 Path traversal
- CVE-2023-37939 Information disclosure
Tripleplay’s TripleSign Digital Signage is a fully integrated digital signage platform that allows users to dynamically control, update and deliver digital and video communications to a variety of end devices. During a pentest i've found multiple 0days that affacted the latest firmware:
- CVE-2023-25759 OS command injection
- CVE-2023-25760 Privilege escalation
- CVE-2023-26599 Stored XSS
Nagios XI is an enterprise monitoring solution, see https://www.nagios.com/products/nagios-xi/ for more information. During an pentest i've found 4 0days:
- CVE-2022-29270 No password conformation during e-mail change leads to account takeover
- CVE-2022-29272 Open redirect in login form
- CVE-2022-29269 HTML injection in schedueld report mails
- CVE-2022-29271 Permissions issue where read-only users could schedule downtimes using downtime.php
The Glory RBW-100 banknote recycling system controls cash and removes the need for manual note handling. I've found two vulnerabilities in the Font Circle Controller management interface that can lead to a reverse root-shell:
- CVE-2019-10479 - Default hardcoded credentials
- CVE-2019-10478 - Arbitrary file upload
See a POC, combining these two vulnerabilities in action: https://youtu.be/MSKDfLpPOLw