67 matches found
Linear eMerge E3-Series Access Controller Command Injection
This module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller. The Linear eMerge E3 versions 1.00-06 and below are vulnerable to unauthenticated command injection in cardscandecoder.php via the No and door HTTP GET parameter. Successful exploitation resul...
Matrikon OPC Server
1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Matrikon, a subsidiary of Honeywell Equipment: Matrikon OPC Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote command...
ICSA-20-212-02_Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Multiple Factory Automation Engineering Software products Vulnerability: Permission Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update...
Reliable Controls LicenseManager
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Reliable Controls Equipment: LicenseManager Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the system, view sensitive...
Linear eMerge E3 1.00-06 - Remote Code Execution
Linear eMerge E3 1.00-06 - Remote Code Execution Title: Linear eMerge E3 1.00-06 - Remote Code Execution Author: LiquidWorm Date: 2019-11-13 Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Affected version: =2.3.0a...
eMerge E3 1.00-06 - layout Reflected Cross-Site Scripting
eMerge E3 1.00-06 - layout Reflected Cross-Site Scripting Exploit Title: eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link:...
eMerge50P 5000P 4.6.07 - Remote Code Execution
eMerge50P 5000P 4.6.07 - Remote Code Execution Exploit Title: eMerge50P 5000P 4.6.07 - Remote Code Execution Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series...
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
eMerge E3 1.00-06 - Privilege Escalation
eMerge E3 1.00-06 - Privilege Escalation Exploit Title: eMerge E3 1.00-06 - Privilege Escalation Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...
CBAS-Web 19.0.0 - Remote Code Execution
CBAS-Web 19.0.0 - Remote Code Execution Exploit Title: CBAS-Web 19.0.0 - Remote Code Execution Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Prima Access Control 2.3.35 - HwName Persistent Cross-Site Scripting
Prima Access Control 2.3.35 - HwName Persistent Cross-Site Scripting Exploit Title: Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
Optergy 2.3.0a - Remote Code Execution
Optergy 2.3.0a - Remote Code Execution Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: =2.3.0a Advisory: https://applied-risk.com/resources/ar-2019-008 Paper:...
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)
Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/' input type="hidden"...
Optergy 2.3.0a - Username Disclosure
Optergy 2.3.0a - Username Disclosure Title: Optergy 2.3.0a - Username Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: djuro teppi view alerton stef humba drmio de3 andri myko dzonka kosto beebee...
Prima Access Control 2.3.35 - Arbitrary File Upload
Prima Access Control 2.3.35 - Arbitrary File Upload Exploit Title: Prima Access Control 2.3.35 - Arbitrary File Upload Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
Optergy BMS 2.0.3a Remote Root
!/usr/bin/env python Unauthenticated Remote Root Exploit in Optergy BMS Console Backdoor Affected version \n' sys.exit while True: challengeurl = 'http://'+sys.argv1+'/tools/ajax/ConsoleResult.html?get' try: req1 = requests.getchallengeurl getchallenge = json.loadsreq1.text challenge =...
Optergy Proton/Enterprise BMS 2.0.3a Cross Site Request Forgery
Optergy Proton/Enterprise BMS CSRF Add Admin Affected version: history.pushState'', '', '/' input type="hidden" name="user.visibleAlarms" value...
Optergy 2.3.0a Remote Root
!/usr/bin/env python -- coding: utf8 -- Authenticated File Upload in Optergy gaining Remote Root Code Execution Firmware version: =2.3.0a CVE: CVE-2019-7274 Advisory: https://applied-risk.com/resources/ar-2019-008 Paper: https://applied-risk.com/resources/i-own-your-building-management-system...
CBAS-Web 19.0.0 - Information Disclosure
CBAS-Web 19.0.0 - Information Disclosure Exploit Title: CBAS-Web 19.0.0 - Information Disclosure Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Computrols CBAS-Web 19.0.0 Information Disclosure
Computrols CBAS-Web Information Disclosure Affected versions: 19.0.0 and below CVE: CVE-2019-10849 Advisory: https://applied-risk.com/resources/ar-2019-009 Paper: https://applied-risk.com/resources/i-own-your-building-management-system by Gjoko 'LiquidWorm' Krstic $ curl -s...