MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route …

SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.

PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.

PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.

PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.

PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.

PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.