VYPR

Carousel

by Tightrope Media

CVEs (3)

  • CVE-2019-13020CriAug 26, 2019
    risk 0.65cvss 10.0epss 0.01

    The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve…

  • CVE-2018-18931HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM…

  • CVE-2018-18930HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.03

    The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an…