Lucene search
+L

60 matches found

pentestpartners
pentestpartners
added 2019/12/02 6:12 a.m.43 views

The snooping girl on a train, again. How to compromise a business

So, I’m on a train, again, sat at a four-seat table, next to two men facing each other. From their conversation and interactions I’ve concluded that they are colleagues. The chap to my left is clearly working on implementation plans for a building management system, for a company I know yeah, I g...

6.5AI score
Exploits0
exploitpack
exploitpack
added 2019/11/12 12:0 a.m.94 views

eMerge E3 1.00-06 - Privilege Escalation

eMerge E3 1.00-06 - Privilege Escalation Exploit Title: eMerge E3 1.00-06 - Privilege Escalation Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...

9CVSS0.8AI score0.82036EPSS
Exploits10
zdt
zdt
added 2019/11/12 12:0 a.m.100 views

eMerge E3 1.00-06 - Arbitrary File Upload Exploit

Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - Arbitrary File Upload Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06 Tested...

7.5CVSS0.1AI score0.69992EPSS
Exploits5
exploitpack
exploitpack
added 2019/11/12 12:0 a.m.80 views

Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)

Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/' input type="hidden"...

6.8CVSS0.8AI score0.04476EPSS
Exploits4
exploitpack
exploitpack
added 2019/11/12 12:0 a.m.80 views

Optergy 2.3.0a - Username Disclosure

Optergy 2.3.0a - Username Disclosure Title: Optergy 2.3.0a - Username Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: djuro teppi view alerton stef humba drmio de3 andri myko dzonka kosto beebee...

5CVSS5.8AI score0.10469EPSS
Exploits5
exploitdb
exploitdb
added 2019/11/12 12:0 a.m.140 views

eMerge E3 1.00-06 - Arbitrary File Upload

Exploit Title: eMerge E3 1.00-06 - Arbitrary File Upload Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06 Tested on: NA CVE : CVE-2019-7257...

10CVSS7AI score0.69992EPSS
Exploits5
exploitdb
exploitdb
added 2019/11/12 12:0 a.m.116 views

Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)

Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/'...

8.8CVSS9AI score0.04476EPSS
Exploits4
exploitdb
exploitdb
added 2019/11/12 12:0 a.m.121 views

Optergy 2.3.0a - Remote Code Execution

Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: =2.3.0a Advisory: https://applied-risk.com/resources/ar-2019-008 Paper:...

10CVSS9.8AI score0.29043EPSS
Exploits5
zdt
zdt
added 2019/11/12 12:0 a.m.94 views

eMerge E3 1.00-06 - (layout) Reflected Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Versio...

4.3CVSS0.2AI score0.55807EPSS
Exploits5
packetstorm
packetstorm
added 2019/11/12 12:0 a.m.445 views

Nortek Linear eMerge E3 Access Controller 1.00-06 SSH/FTP Remote Root

!/usr/bin/env python Nortek Linear eMerge E3 Access Controller SSH/FTP Remote Root Affected version: \n' sys.exit ip = sys.argv1 rshell = ssh'root', ip, password='davestyle', port=22 rshell.interactive...

10CVSS0.3AI score0.23123EPSS
Exploits17
zdt
zdt
added 2019/11/12 12:0 a.m.132 views

Optergy 2.3.0a - Remote Code Execution (Backdoor) Exploit

Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl =...

10CVSS9.6AI score0.93384EPSS
Exploits7
zdt
zdt
added 2019/11/12 12:0 a.m.110 views

CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...

6.8CVSS0.4AI score0.0242EPSS
Exploits4
zdt
zdt
added 2019/11/12 12:0 a.m.115 views

Optergy 2.3.0a - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: =2.3.0a Advisory: https://applied-risk.com/resources/ar-2019-008 Paper:...

10CVSS0.29043EPSS
Exploits5
packetstorm
packetstorm
added 2019/11/12 12:0 a.m.85 views

FlexAir Access Control 2.3.38 Remote Root

!/usr/bin/env python Authenticated Remote Root Exploit for Prima FlexAir Access Control 2.3.38 via Command Injection in SetNTPServer request, Server parameter. CVE: CVE-2019-7670 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper:...

9CVSS0.3AI score0.18306EPSS
Exploits5
cnvd
cnvd
added 2019/09/03 12:0 a.m.3 views

Code Execution Vulnerability in RGCMS

RGCMS is an open source building management system, written in PHP language, with Thinkphp 5.1 framework and MYSQL database. RGCMS code execution vulnerability, an attacker can use the vulnerability to obtain server privileges...

7.8AI score
Exploits0
cnvd
cnvd
added 2019/06/11 12:0 a.m.6 views

Optergy Proton/Enterprise Authentication Error Vulnerability

Optergy Proton/Enterprise is an enterprise building management system from Optergy USA. An authentication error vulnerability exists in Optergy Proton/Enterprise versions 2.3.0a and earlier. An attacker could exploit the vulnerability to gain direct party access to specific resources...

6.5CVSS7.2AI score0.01516EPSS
Exploits0References1
ics
ics
added 2019/06/06 12:0 a.m.170 views

Optergy Proton Enterprise Building Management System

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Optergy Equipment: Proton/Enterprise Building Management System Vulnerabilities: Information Exposure, Cross-site Request Forgery, Unrestricted Upload of File with Dangerous Type, Open Redirect,...

10CVSS9.2AI score0.93384EPSS
Exploits22References5
cnvd
cnvd
added 2018/06/06 12:0 a.m.7 views

ABB IP Gateway Unauthorized Access Vulnerability (CNVD-2018-11991)

ABB IP GATEWAY is a building management system from ABB Switzerland. A security vulnerability exists in ABB IP GATEWAY version 3.39 and earlier, which originates from some configuration files containing passwords in clear text. An attacker could use this vulnerability to gain unauthorized access...

9.8CVSS9.6AI score0.01678EPSS
Exploits0References1
cnvd
cnvd
added 2018/06/06 12:0 a.m.6 views

ABB IP Gateway Cross-Site Request Forgery Vulnerability

ABB IP GATEWAY is a building management system from ABB Switzerland. ABB IP GATEWAY 3.39 and prior versions suffer from a cross-site request forgery vulnerability, which arises when the web server fails to adequately validate a request sent by a user. A remote attacker could use this vulnerabilit...

8.8CVSS8.9AI score0.0067EPSS
Exploits0References1
ics
ics
added 2018/06/05 12:0 a.m.60 views

ABB IP Gateway

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: IP Gateway Vulnerabilities: Improper Authentication, Cross-site Request Forgery, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...

9.8CVSS10AI score0.02646EPSS
Exploits0References5
Rows per page
Query Builder