44 matches found
CVE-2021-41292 ECOA BAS controller - Broken Authentication
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC...
CVE-2021-41292
CVE-2021-41292 affects ECOA Building Automation System components (e.g., ECOA ECS Router Controller ECS (FLASH), RiskBuster Terminator E6L45, RB 3.0.0, TRANE 1.0, and related ECOA software). Root cause is an authentication bypass via cookie poisoning, enabling an unauthenticated attacker to bypas...
Siemens Desigo CC Series CCOM Communication Component Deserialization Vulnerability
Cerberus DMS is a hazard management station that helps users manage fire safety and security incidents.Desigo CC is an integrated building management platform for managing high-performance buildings.Desigo CC Compact expands the portfolio with solutions tailored for small and medium-sized...
COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass Vulnerability
Exploit Title: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected...
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
Summary Biometric access control system. Description The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings...
Go inside the new Azure Defender for IoT including CyberX
In 2020, the move toward digital transformation and Industry 4.0 took on new urgency with manufacturing and other critical infrastructure sectors under pressure to increase operational efficiency and reduce costs. But the cybersecurity model for operational technology OT was already shown to be...
Go inside the new Azure Defender for IoT including CyberX
In 2020, the move toward digital transformation and Industry 4.0 took on new urgency with manufacturing and other critical infrastructure sectors under pressure to increase operational efficiency and reduce costs. But the cybersecurity model for operational technology OT was already shown to be...
RSA Conference 2019: The Expanding Automation Platform Attack Surface
SAN FRANCISCO – Automation platforms are increasingly being used to chain multiple IoT devices together to create user-friendly smart applications – but that’s also creating unpredictable attack surfaces that can be hard to manage. A Trend Micro report released at RSA Conference 2019 warns that...
historicbuildings.unl.edu XSS vulnerability
Open Bug Bounty ID: OBB-664109 Description| Value ---|--- Affected Website:| historicbuildings.unl.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Schneider Electric SBO AS - Multiple Vulnerabilities
Schneider Electric SBO AS - Multiple Vulnerabilities Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About...
Fedora Update for bomber FEDORA-2013-13499
Check for the Version of bomber OpenVAS Vulnerability Test Fedora Update for bomber FEDORA-2013-13499 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
[SECURITY] Fedora 18 Update: bomber-4.10.5-1.fc18
Bomber is a single player arcade game. The player is invading various cities in a plane that is decreasing in height. The goal of the game is to destroy all the buildings and advance to the next level. Each level gets a harder by increasing the speed of the plane and the height of the buildings...
Fedora Update for bomber FEDORA-2013-10130
Check for the Version of bomber OpenVAS Vulnerability Test Fedora Update for bomber FEDORA-2013-10130 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
[SECURITY] Fedora 18 Update: bomber-4.10.4-1.fc18
Bomber is a single player arcade game. The player is invading various cities in a plane that is decreasing in height. The goal of the game is to destroy all the buildings and advance to the next level. Each level gets a harder by increasing the speed of the plane and the height of the buildings...
Microsoft Windows ActiveX Control Multiple Vulnerabilities (2820197)
This script will list all the vulnerable activex controls installed on the remote windows machine with references and cause. OpenVAS Vulnerability Test $Id: gbmswindowsactivexcontrolmultvulnmay13.nasl 7172 2017-09-18 11:07:34Z cfischer $ Microsoft Windows ActiveX Control Multiple Vulnerabilities...
CVE-2013-0108
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator EBI R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager aka CPO-M Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code vi...
CVE-2009-2885
SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter...
CVE-2009-2884
Cross-site scripting XSS vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter...
CVE-2009-2884
Cross-site scripting XSS vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter...