12 matches found
EUVD-2020-30929
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...
CVE-2020-37052
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...
CVE-2020-37052 AirControl 1.4.2 - PreAuth Remote Code Execution
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...
CVE-2020-37052 AirControl 1.4.2 - PreAuth Remote Code Execution
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...
CVE-2020-37052
AirControl 1.4.2 is affected by a pre‑authentication remote code execution vulnerability. An unauthenticated attacker can exploit the /.seam (and /seam) endpoint by crafting URLs with embedded Java expressions to execute arbitrary system commands with the application's privileges. Root cause is J...
CVE-2020-37052
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...
Ubiquiti AirControl code injection vulnerability
Ubiquiti AirControl is a centralized network management platform developed by the American company Ubiquiti. Version 1.4.2 of Ubiquiti AirControl contains a code injection vulnerability. This vulnerability stems from Java expression injections present in.seam endpoints, which may allow unverified...
AirControl 1.4.2 Remote Code Execution
Exploit Title: AirControl 1.4.2 - PreAuth Remote Code Execution Date: 2020-06-03 Exploit Author: 0xd0ff9 vs j3ssie Vendor Homepage: https://www.ui.com/ Software Link: https://www.ui.com/download/!utilities Version: AirControl = 1.4.2 Signature:...
AirControl 1.4.2 - PreAuth Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: AirControl 1.4.2 - PreAuth Remote Code Execution Exploit Author: 0xd0ff9 vs j3ssie Vendor Homepage: https://www.ui.com/ Software Link: https://www.ui.com/download/!utilities Version: AirControl = 1.4.2 Signature:...
AirControl 1.4.2 - PreAuth Remote Code Execution
Exploit Title: AirControl 1.4.2 - PreAuth Remote Code Execution Date: 2020-06-03 Exploit Author: 0xd0ff9 vs j3ssie Vendor Homepage: https://www.ui.com/ Software Link: https://www.ui.com/download/!utilities Version: AirControl = 1.4.2 Signature:...
aircontrol.es XSS vulnerability
Open Bug Bounty ID: OBB-680565 Description| Value ---|--- Affected Website:| aircontrol.es Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Ubiquiti Inc.: Ability to log in as any user without authentication if █████████ is empty
Devices that can be monitored by airControl include a ticket based authentication system that allows access to the WebUI using a ticket id. This system had a flaw that allowed unauthenticated access without a valid ticket, given these requirements were met: 1. A device was monitored by airControl...