95 matches found
CVE-2019-10853
Computrols CBAS 18.0.0 allows Authentication Bypass...
Default credentials
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database...
CVE-2019-10854
Computrols CBAS 18.0.0 allows Authenticated Command Injection...
Command injection
Computrols CBAS 18.0.0 allows Authenticated Command Injection...
Authentication flaw
Computrols CBAS 18.0.0 allows Authentication Bypass...
CVE-2019-10853
Computrols CBAS 18.0.0 allows Authentication Bypass...
Hardcoded credentials
Computrols CBAS 18.0.0 has hard-coded encryption keys...
CVE-2019-10851
Computrols CBAS 18.0.0 has hard-coded encryption keys...
CVE-2019-10851
Computrols CBAS 18.0.0 has hard-coded encryption keys...
CVE-2019-10852
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...
CVE-2019-10852
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...
Sql injection
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...
CVE-2019-10846
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter...
CVE-2019-10846
CVE-2019-10846 affects Computrols CBAS Web (versions prior to fixed 19.0.1/18.0.1 etc.). It describes an Unauthenticated Reflected Cross-Site Scripting vulnerability in the login and password-reset pages via the username GET parameter. Impact per sources is client-side script execution in a user’...
CVE-2019-10849
CBAS Web (Computrols CBAS) 19.0.0 is affected by an information-disclosure vulnerability due to an unprotected Subversion/SVN directory that can disclose the firmware source code. The Red Hat advisory and exploit reports confirm the issue affects CBAS Web and maps to CVE-2019-10849, with an impac...
CVE-2019-10849
Computrols CBAS 18.0.0 allows unprotected Subversion SVN directory / source code disclosure...
CVE-2019-10850
CVE-2019-10850 involves Computrols CBAS 18.0.0 with default credentials. The trusted-identity issue allows unauthenticated access (PR:N, UI:N) over network, yielding high confidentiality, integrity, and availability impact per NVD metrics (CVSS v3: 9.8). Reports in CNVD describe a building-automa...
CVE-2019-10850
Computrols CBAS 18.0.0 has Default Credentials...
CVE-2019-10851
CVE-2019-10851 affects Computrols CBAS Web; vulnerability stems from hard-coded encryption keys used to decrypt database backups in CBAS Web scripts. An authenticated attacker could access the device’s full database and discover sensitive information. Mitigations referenced in multiple advisories...
CVE-2019-10851
Computrols CBAS 18.0.0 has hard-coded encryption keys...