238 matches found
Kastle Systems Access Control System
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Kastle Systems Equipment : Access Control System Vulnerabilities : Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of...
CVE-2024-7732
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...
CVE-2024-7732 SECOM Dr.ID Attendance system - Unrestricted File Upload
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...
CVE-2024-7731
The CVE-2024-7731 issue affects the SECOM Dr.ID Access Control System. Affected product: Dr.ID Access Control System from SECOM. Root cause: improper validation of a specific page parameter leads to SQL injection. Impact: unauthenticated remote attackers can read, modify, and delete database cont...
The vulnerability of the Siemens RUGGEDCOM CROSSBOW secure access control system allows a intruder to execute arbitrary code.
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the deficiencies of its authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created malware files from a remote location...
Suprema BioStar 2
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Suprema Inc. Equipment : BioStar 2 Vulnerability : SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
The vulnerability of the access control system for the virtual environment, previously known as Citrix Secure Access (formerly Citrix Gateway), is related to improper code generation. This allows a malicious individual to execute arbitrary code.
The vulnerability of the access control system for the virtual environment, previously known as Citrix Secure Access formerly Citrix Gateway, is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by having the user navigate to a...
Malware targeting SonicWall devices could survive firmware updates
Researchers at Mandiant have identified a malware campaign targeting SonicWall SMA 100 Series appliances, thought to be of Chinese origin. The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware was able to stea...
Siemens SiPass Integrated 输入验证错误漏洞
ACC-AP Advanced Central Controller is a door controller for up to two Internet/Intranet-connected doors used to communicate with the SiPass integrated access control system. AC5102 / ACC-G2 Advanced Central Controller is the central controller for the SiPass integrated The central controller for...
A Door Isn’t a Door When It’s Ajar - Part 3
A Door Isn’t a Door When It’s Ajar - Part III By Trellix · August 25, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...
Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System
Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System By Trellix · June 9, 2022 This story was also written by Steve Povolny and Sam Quinn. Today at the Hardwear.io Security Trainings and Conference, Trellix Threat Labs is sharing new research into...
Cisco Secure Access Control System Java Deserialization Vulnerability
A vulnerability in Java deserialization used by Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software...
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application suffers from an authentication bypass vulnerability. An unauthenticated...
COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS
Summary Biometric access control system. Description The application is vulnerable to an unauthenticated reflected cross-site scripting XSS vulnerability. Input passed to the Cookies 'CMXADMINNM' and 'CMXCOMPLEXNM' is not properly sanitised before being returned to the user. This can be exploited...
CVE-2020-21999
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...
CVE-2020-21999
CVE-2020-21999 affects iWT FaceSentry Access Control System (Firmware 6.4.8, 5.7.x) where an authenticated OS command injection is possible via the strInIP POST parameter in pingTest.php. The vulnerability uses default credentials and executes sudo ping with user-supplied input, enabling arbitrar...
SOYAL Biometric Access Control System 5.0 Weak Default Credentials
SOYAL Biometric Access Control System 5.0 Weak Default Credentials Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-727 i/CM - F/W: 5.0 AR837E/EF - F/W: 4.3 AR725Ev2 - F/W: 4.3 191231 AR331/725E - F/W: 4.2 AR837E/EF - F/W: 4...
SOYAL 701Client 9.0.1 Insecure Permissions
Summary 701 Client is the user interface software for the access control system. It is used for adding and deleting tokens, setting door groups for access, setting time zones for limiting access and monitoring ingress and egress on a live system, among other things. Description The application...
eMerge E3 1.00-06 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - Cross-Site Request Forgery Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06...
Nortek Security & Control Linear eMerge E3-Series Cross-Site Request Forgery Vulnerability
The Nortek Security & Control Linear eMerge E3-Series is an access control system from Nortek Security & Control, USA. A cross-site request forgery vulnerability exists in the Nortek Security & Control Linear eMerge E3-Series, which arises from a WEB application that does not adequately validate...