
CVSS: 5.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

30 Oct 2017 — An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output. • https://www.barco.com/en/Support/software/R33050037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 6% • CPEs: 4 • EXPL: 0

30 Oct 2017 — A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device. • http://www.securityfocus.com/bid/101617 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 14% • CPEs: 4 • EXPL: 0

14 Nov 2016 — Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors. Barco ClickShare suffers from remote code execution, cross site scripting, path traversal, and file disclosure vulnerabi... • http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Nov 2016 — Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 2% • CPEs: 6 • EXPL: 0

14 Nov 2016 — Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. • http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Nov 2016 — Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. Barco ClickShare suffers from remote code execution, cross site scripting, path traversal, and file disclosure vulnerabilities. • http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor