Linear eMerge E3-Series Access Controller Command Injection

This module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller. The Linear eMerge E3 versions 1.00-06 and below are vulnerable to unauthenticated command injection in cardscandecoder.php via the No and door HTTP GET parameter. Successful exploitation resul...

Matrikon OPC Server

1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Matrikon, a subsidiary of Honeywell Equipment: Matrikon OPC Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote command...

ICSA-20-212-02_Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Multiple Factory Automation Engineering Software products Vulnerability: Permission Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update...

Reliable Controls LicenseManager

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Reliable Controls Equipment: LicenseManager Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the system, view sensitive...

eMerge E3 1.00-06 - Arbitrary File Upload

eMerge E3 1.00-06 - Arbitrary File Upload Exploit Title: eMerge E3 1.00-06 - Arbitrary File Upload Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...

CBAS-Web 19.0.0 - Remote Code Execution

CBAS-Web 19.0.0 - Remote Code Execution Exploit Title: CBAS-Web 19.0.0 - Remote Code Execution Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...

Optergy 2.3.0a - Username Disclosure

Optergy 2.3.0a - Username Disclosure Title: Optergy 2.3.0a - Username Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: djuro teppi view alerton stef humba drmio de3 andri myko dzonka kosto beebee...

CBAS-Web 19.0.0 - Username Enumeration

CBAS-Web 19.0.0 - Username Enumeration Exploit Title: CBAS-Web 19.0.0 - Username Enumeration Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...

Prima Access Control 2.3.35 - HwName Persistent Cross-Site Scripting

Prima Access Control 2.3.35 - HwName Persistent Cross-Site Scripting Exploit Title: Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...

eMerge E3 1.00-06 - Remote Code Execution

eMerge E3 1.00-06 - Remote Code Execution Exploit Title: eMerge E3 1.00-06 - Remote Code Execution Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...

Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)

Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/' input type="hidden"...

Prima Access Control 2.3.35 - Arbitrary File Upload

Prima Access Control 2.3.35 - Arbitrary File Upload Exploit Title: Prima Access Control 2.3.35 - Arbitrary File Upload Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...

Optergy 2.3.0a - Remote Code Execution

Optergy 2.3.0a - Remote Code Execution Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: =2.3.0a Advisory: https://applied-risk.com/resources/ar-2019-008 Paper:...

eMerge E3 1.00-06 - Privilege Escalation

eMerge E3 1.00-06 - Privilege Escalation Exploit Title: eMerge E3 1.00-06 - Privilege Escalation Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...

eMerge E3 Access Controller 4.6.07 - Remote Code Execution

eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link:...

Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)

Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/'...

Optergy 2.3.0a - Remote Code Execution

Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: =2.3.0a Advisory: https://applied-risk.com/resources/ar-2019-008 Paper:...

Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting

Exploit Title: Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version:...

eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)

Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Metasploit Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07 Tested...

eMerge E3 1.00-06 - Arbitrary File Upload

Exploit Title: eMerge E3 1.00-06 - Arbitrary File Upload Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06 Tested on: NA CVE : CVE-2019-7257...