VYPR
Vendor

Tightrope Media

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2019-13020CriAug 26, 2019
    risk 0.65cvss 10.0epss 0.01

    The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve…

  • CVE-2018-18931HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM…

  • CVE-2018-18930HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.03

    The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an…

  • CVE-2018-14573MedJul 23, 2018
    risk 0.36cvss 5.5epss 0.06

    A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.