Dormakaba Exos 9300 security vulnerabilities

The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability, as the database passwords are derived from static random values. This vulnerability could allow attackers to derive...

CVE-2024-2422

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...

PT-2026-1677

Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System stores passwords in cleartext within the device’s SQLite database. This allows attackers to access unencrypted credentials directly from the...

iWT FaceSentry Access Control System 安全漏洞

The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from susceptibility to cross-site request forgery attacks and could lead to the...

EUVD-2009-3706

Malware in sbrugna...

EUVD-2022-31221

Malicious code in bioql PyPI...

EUVD-2024-48609

Malicious code in bioql PyPI...

EUVD-2024-48608

Malicious code in bioql PyPI...

CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

GeoVision ASManager Windows Application Credentials Disclosure Vulnerability

GeoVision ASManager GV-ASManager is an access control system developed by the Chinese company GeoVision. A credential disclosure vulnerability exists in the GeoVision ASManager Windows Application due to improper memory handling in the ASManagerService.exe process. An attacker can exploit this...

Siemens SiPass Integrated Third-Party Component DotNetZip Directory Traversal Vulnerability

Siemens SiPass integrated is a powerful and flexible access control system for organizations of all sizes, from simple offices to large complex facilities containing thousands of doors, gates, barriers and elevators. A directory traversal vulnerability exists in DotNetZip, a third-party component...

CVE-2024-45862 Cleartext Storage of Sensitive Information in Kastle Systems Access Control System

Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information...

CVE-2024-45862 Cleartext Storage of Sensitive Information in Kastle Systems Access Control System

Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information...

Kastle Systems Access Control System

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Kastle Systems Equipment : Access Control System Vulnerabilities : Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of...

CVE-2024-7732 SECOM Dr.ID Attendance system - Unrestricted File Upload

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

CVE-2024-7731

The CVE-2024-7731 issue affects the SECOM Dr.ID Access Control System. Affected product: Dr.ID Access Control System from SECOM. Root cause: improper validation of a specific page parameter leads to SQL injection. Impact: unauthenticated remote attackers can read, modify, and delete database cont...

Suprema BioStar 2

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Suprema Inc. Equipment : BioStar 2 Vulnerability : SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Malware targeting SonicWall devices could survive firmware updates

Researchers at Mandiant have identified a malware campaign targeting SonicWall SMA 100 Series appliances, thought to be of Chinese origin. The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware was able to stea...

A Door Isn’t a Door When It’s Ajar - Part 3

A Door Isn’t a Door When It’s Ajar - Part III By Trellix · August 25, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System By Trellix · June 9, 2022 This story was also written by Steve Povolny and Sam Quinn. Today at the Hardwear.io Security Trainings and Conference, Trellix Threat Labs is sharing new research into...