Lucene search
K

53 matches found

Cvelist
Cvelist
added 2021/04/27 5:54 p.m.18 views

CVE-2020-22001

HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local loopback IP address value allowing remote control of the smart home solution...

9.6AI score0.03406EPSS
Exploits2References3
CVE
CVE
added 2021/04/27 5:54 p.m.73 views

CVE-2020-22001

CVE-2020-22001 affects HomeAutomation 3.3.2. Vulnerability: authentication bypass by spoofing the X-Forwarded-For header to the local loopback IP, enabling remote control of the smart home solution. Documented in multiple sources (Red Hat, NVD, CVE list, Zeroscience) with PoC/advisory details and...

9.8CVSS9.4AI score0.03406EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2021/04/27 5:51 p.m.19 views

CVE-2020-22000

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...

8.3AI score0.01059EPSS
Exploits2References2
CVE
CVE
added 2021/04/27 5:51 p.m.53 views

CVE-2020-22000

CVE-2020-22000 affects HomeAutomation 3.3.2. An authenticated OS command execution vulnerability exists in the customcommand v0.1 plugin, exploitable via CSRF to run arbitrary shell commands as the web user through unsanitized PHP exec() calls in /system/systemplugins/customcommand/customcommand....

8.5CVSS8.2AI score0.01059EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/04/27 5:46 p.m.17 views

CVE-2020-21998

In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted o...

6.2AI score0.01319EPSS
Exploits2References2
CVE
CVE
added 2021/04/27 5:46 p.m.52 views

CVE-2020-21998

CVE-2020-21998 affects HomeAutomation 3.3.2. The issue is an open redirect due to improper verification of the 'redirect' GET parameter in api.php, allowing an attacker to redirect users to arbitrary external sites. Connected documents corroborate an open-redirect vulnerability with exploit requi...

6.1CVSS6.2AI score0.01319EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/04/27 5:41 p.m.12 views

CVE-2020-21989

HomeAutomation 3.3.2 is affected by Cross Site Request Forgery CSRF. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges i...

8.8AI score0.00748EPSS
Exploits2References2
CVE
CVE
added 2021/04/27 5:41 p.m.58 views

CVE-2020-21989

CVE-2020-21989 affects HomeAutomation 3.3.2. The issue is a CSRF flaw in the web interface that allows actions to be performed with administrative privileges if a logged-in user visits a malicious site. Affected component is the HTTP interface; root cause is lack of validity checks on requests. P...

8.8CVSS8.6AI score0.00748EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/04/27 5:37 p.m.19 views

CVE-2020-21987

HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting XSS. XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's...

6.3AI score0.00905EPSS
Exploits2References2
CVE
CVE
added 2021/04/27 5:37 p.m.65 views

CVE-2020-21987

CVE-2020-21987 affects HomeAutomation v3.3.2. The vulnerability is persistent Cross Site Scripting (XSS) caused by insufficient sanitization of input passed via multiple parameters to several scripts, allowing arbitrary HTML/script execution in a user’s browser session. Multiple connected sources...

6.1CVSS6.2AI score0.00905EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/27 12:0 a.m.5 views

PT-2021-10716 · Unknown · Homeautomation

Name of the Vulnerable Software and Affected Versions: HomeAutomation version 3.3.2 Description: The issue allows for an authentication bypass when the X-Forwarded-For header is spoofed with the local IP address, enabling remote control of the smart home solution. Recommendations: For...

9.8CVSS9.4AI score0.03406EPSS
Exploits2References4
CNNVD
CNNVD
added 2021/04/27 12:0 a.m.4 views

Subreddit Home Automation 输入验证错误漏洞

Subreddit Home Automation is an automation device for the Subreddit community. An automated electric light. A security vulnerability exists in HomeAutomation 3.3.2, which stems from the input passed in the redirect GET parameter in the api.php script not being properly validated before it is used...

6.1CVSS6.4AI score0.01319EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2021/04/27 12:0 a.m.5 views

PT-2021-10713

Name of the Vulnerable Software and Affected Versions HomeAutomation version 3.3.2 Description The issue arises from improper verification of input passed via the redirect GET parameter in the "api.php" script. This can be exploited to redirect a user to an arbitrary website, for example, when a...

6.1CVSS6.7AI score0.01319EPSS
Exploits2References4
Check Point Advisories
Check Point Advisories
added 2020/01/06 12:0 a.m.0 views

HomeAutomation Remote Code Execution

A remote code execution vulnerability exists in HomeAutomation. Successful exploitation of this vulnerability will allow remote attackers to execute arbitrary code on the affected system...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2019/12/30 12:0 a.m.114 views

HomeAutomation 3.3.2 Cross Site Scripting

HomeAutomation v3.3.2 Stored and Reflected XSS Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick,...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/12/30 12:0 a.m.78 views

HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos...

Exploits0
Packet Storm
Packet Storm
added 2019/12/30 12:0 a.m.135 views

HomeAutomation 3.3.2 CSRF / Code Execution

HomeAutomation v3.3.2 CSRF Remote Command Execution PHP Reverse Shell PoC Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2019/12/30 12:0 a.m.41 views

HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)

HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on:...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2019/12/30 12:0 a.m.235 views

HomeAutomation 3.3.2 Authentication Bypass

HomeAutomation v3.3.2 Authentication Bypass Exploit Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/12/30 12:0 a.m.142 views

HomeAutomation 3.3.2 Cross Site Request Forgery

HomeAutomation v3.3.2 CSRF Add Admin Exploit Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, bu...

0.5AI score
Exploits0
Rows per page
Query Builder