Lucene search
K

238 matches found

ICS
ICS
added 2024/09/19 6:0 a.m.18 views

Kastle Systems Access Control System

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Kastle Systems Equipment : Access Control System Vulnerabilities : Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of...

9.2CVSS7.9AI score0.0037EPSS
Exploits0References10
NVD
NVD
added 2024/08/14 7:15 a.m.21 views

CVE-2024-7732

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

9.8CVSS0.00943EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/14 6:55 a.m.25 views

CVE-2024-7732 SECOM Dr.ID Attendance system - Unrestricted File Upload

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

9.8CVSS0.00943EPSS
Exploits0References2
CVE
CVE
added 2024/08/14 6:30 a.m.55 views

CVE-2024-7731

The CVE-2024-7731 issue affects the SECOM Dr.ID Access Control System. Affected product: Dr.ID Access Control System from SECOM. Root cause: improper validation of a specific page parameter leads to SQL injection. Impact: unauthenticated remote attackers can read, modify, and delete database cont...

9.8CVSS9.9AI score0.00835EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/06/17 12:0 a.m.6 views

The vulnerability of the Siemens RUGGEDCOM CROSSBOW secure access control system allows a intruder to execute arbitrary code.

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the deficiencies of its authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created malware files from a remote location...

10CVSS6AI score0.00792EPSS
Exploits0References3Affected Software1
ICS
ICS
added 2023/09/26 6:0 a.m.46 views

Suprema BioStar 2

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Suprema Inc. Equipment : BioStar 2 Vulnerability : SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

6.5CVSS6.8AI score0.07496EPSS
Exploits4References8
BDU FSTEC
BDU FSTEC
added 2023/07/14 12:0 a.m.7 views

The vulnerability of the access control system for the virtual environment, previously known as Citrix Secure Access (formerly Citrix Gateway), is related to improper code generation. This allows a malicious individual to execute arbitrary code.

The vulnerability of the access control system for the virtual environment, previously known as Citrix Secure Access formerly Citrix Gateway, is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by having the user navigate to a...

10CVSS8.2AI score0.00824EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2023/03/10 2:15 p.m.26 views

Malware targeting SonicWall devices could survive firmware updates

Researchers at Mandiant have identified a malware campaign targeting SonicWall SMA 100 Series appliances, thought to be of Chinese origin. The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware was able to stea...

0.5AI score
Exploits0
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.28 views

Siemens SiPass Integrated 输入验证错误漏洞

ACC-AP Advanced Central Controller is a door controller for up to two Internet/Intranet-connected doors used to communicate with the SiPass integrated access control system. AC5102 / ACC-G2 Advanced Central Controller is the central controller for the SiPass integrated The central controller for...

7.8CVSS7.8AI score0.00229EPSS
Exploits0References3
Trellix
Trellix
added 2022/08/25 12:0 a.m.17 views

A Door Isn’t a Door When It’s Ajar - Part 3

A Door Isn’t a Door When It’s Ajar - Part III By Trellix · August 25, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...

7.6AI score
Exploits0
Trellix
Trellix
added 2022/06/09 12:0 a.m.17 views

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System By Trellix · June 9, 2022 This story was also written by Steve Povolny and Sam Quinn. Today at the Hardwear.io Security Trainings and Conference, Trellix Threat Labs is sharing new research into...

10CVSS9.1AI score0.02323EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.21 views

Cisco Secure Access Control System Java Deserialization Vulnerability

A vulnerability in Java deserialization used by Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software...

10CVSS5.2AI score0.18554EPSS
In wildExploits0
Packet Storm
Packet Storm
added 2021/08/16 12:0 a.m.353 views

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application suffers from an authentication bypass vulnerability. An unauthenticated...

1.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/08/15 12:0 a.m.406 views

COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS

Summary Biometric access control system. Description The application is vulnerable to an unauthenticated reflected cross-site scripting XSS vulnerability. Input passed to the Cookies 'CMXADMINNM' and 'CMXCOMPLEXNM' is not properly sanitised before being returned to the user. This can be exploited...

6.1CVSS6AI score0.00238EPSS
Exploits1
Cvelist
Cvelist
added 2021/05/04 3:21 p.m.20 views

CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

9.1AI score0.05242EPSS
Exploits2References2
CVE
CVE
added 2021/05/04 3:21 p.m.64 views

CVE-2020-21999

CVE-2020-21999 affects iWT FaceSentry Access Control System (Firmware 6.4.8, 5.7.x) where an authenticated OS command injection is possible via the strInIP POST parameter in pingTest.php. The vulnerability uses default credentials and executes sudo ping with user-supplied input, enabling arbitrar...

9CVSS9AI score0.05242EPSS
Exploits2References2Affected Software1
Packet Storm
Packet Storm
added 2021/03/19 12:0 a.m.313 views

SOYAL Biometric Access Control System 5.0 Weak Default Credentials

SOYAL Biometric Access Control System 5.0 Weak Default Credentials Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-727 i/CM - F/W: 5.0 AR837E/EF - F/W: 4.3 AR725Ev2 - F/W: 4.3 191231 AR331/725E - F/W: 4.2 AR837E/EF - F/W: 4...

1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.142 views

SOYAL 701Client 9.0.1 Insecure Permissions

Summary 701 Client is the user interface software for the access control system. It is used for adding and deleting tokens, setting door groups for access, setting time zones for limiting access and monitoring ingress and egress on a live system, among other things. Description The application...

8.8CVSS7.3AI score0.01866EPSS
Exploits2
0day.today
0day.today
added 2019/11/12 12:0 a.m.132 views

eMerge E3 1.00-06 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - Cross-Site Request Forgery Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06...

6.8CVSS0.6AI score0.16278EPSS
Exploits5
CNVD
CNVD
added 2019/07/03 12:0 a.m.3 views

Nortek Security & Control Linear eMerge E3-Series Cross-Site Request Forgery Vulnerability

The Nortek Security & Control Linear eMerge E3-Series is an access control system from Nortek Security & Control, USA. A cross-site request forgery vulnerability exists in the Nortek Security & Control Linear eMerge E3-Series, which arises from a WEB application that does not adequately validate...

8.8CVSS6.9AI score0.16278EPSS
Exploits5References1
Rows per page
Query Builder