94 matches found
PT-2022-23822
Name of the Vulnerable Software and Affected Versions: Carel pCOWeb HVAC BACnet Gateway versions 2.1.0, Firmware A2.1.0 through B2.1.0, Application Software 2.15.4A, Software v16 13020200. Description: The Carel pCOWeb HVAC BACnet Gateway is affected by an unauthenticated arbitrary file disclosure...
Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal Vulnerability
Exploit Title: Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal; Exploit Author: LiquidWorm; Vendor: CAREL INDUSTRIES S.p.A.; Product web page: https://www.carel.com; Affected version: Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A, Software version: v16 13020200; Summary: pCO...
Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal Vulnerability
Carel pCOWeb HVAC BACnet Gateway version 2.1.0 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the file GET parameter to the logdownload.cgi Bash script is not properly verified before being used to download log files. This can be exploited to...
Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal
Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal; Vendor: CAREL INDUSTRIES S.p.A.; Product web page: https://www.carel.com; Affected version: Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A, Software version: v16 13020200; Summary: pCO sistema is the solution CAREL...
An attacker can execute malicious JavaScript in Live Helper Chat
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. An attacker can execute malicious JavaScript in the application...
A vulnerability in the web interface of the Cisco BroadWorks CommPilot Application Software allows an attacker to delete arbitrary user accounts.
The vulnerability in the Cisco BroadWorks CommPilot Application Software’s web interface is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to delete arbitrary user accounts remotely...
CVE-2021-34785
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system...
CVE-2021-34786
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system...
Design/Logic Flaw
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system...
CVE-2021-34786
Cisco BroadWorks CommPilot Application Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. The CVE-2021-34786 entry maps to Cisco BroadWorks CommPilot issues; Cisco’s adv...
CVE-2021-34785
Cisco BroadWorks CommPilot Application Software contains multiple authentication/authorization vulnerabilities in its web interface that an authenticated remote attacker could exploit to delete arbitrary user accounts or escalate privileges on an affected system. The issues are documented across ...
CVE-2021-34785 Cisco BroadWorks CommPilot Application Software Vulnerabilities
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system...
File Upload Vulnerability in Library Cluster Management System of Guangzhou Tutron Computer Software Development Co. Ltd (CNVD-2021-52386)
Guangzhou Tutron Computer Software Development Co. Ltd. is a high-tech enterprise integrating product research and development, application integration and customer service, with the main goal of providing high-quality application software system design, integration and maintenance services for users in the library industry. There is a file uploa...
SQL Injection Vulnerability in Library Cluster Management System of Guangzhou Tutron Computer Software Development Co. Ltd (CNVD-2021-52066)
Guangzhou Tutron Computer Software Development Co. Ltd. is a high-tech enterprise integrating product research and development, application integration and customer service, with the main goal of providing high-quality application software system design, integration and maintenance services for users in the library industry. There is a SQL...
Accela Civic Platform Cross-Site Scripting Vulnerability
Accela Civic Platform is Accela's cloud-based application software solution for modernizing city systems for land management and code enforcement, increasing civic engagement and mobile information access. Accela Civic Platform has a cross-site scripting vulnerability that stems from Accela Platform's lack...
A vulnerability in the node-fetch library in the Aurora Center’s application software, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability in the node-fetch library in Aurora Application Software is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause a denial of service through a specially crafted regular expression...
A vulnerability in the cryptographic functions of the GoLang development library used by Aurora Application Software Center is related to errors in the authentication process for certificates. This error allows an attacker to cause service failures.
The vulnerability in the cryptographic functions of the GoLang development library used by Aurora Application Software Center is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service failures...
A vulnerability in the ua-parser-js library in the Aurora Application Software, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability in the ua-parser-js library in Aurora Application Software is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
A vulnerability in the GoLang development tool for the application software “Aurora Center” relates to the execution of a loop with an unreachable exit condition, allowing attackers to cause service failures.
The vulnerability in the GoLang development tool used by Aurora Application Software involves executing a loop with an exit condition that is not met. Exploiting this vulnerability could allow a malicious actor to cause service failures...
A vulnerability in the set function of the object-path library in the Aurora Application Software Center, related to uncontrolled changes to prototype attributes of objects, allows attackers to execute a “prototype pollution” attack.
The vulnerability in the set function of the object-path library in the Aurora application software is related to uncontrolled changes to the attributes of object prototypes. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack...