174 matches found
CVE-2016-8357
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application...
Command injection
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application...
Hardcoded credentials
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...
CVE-2016-8357
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application...
CVE-2016-8361
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...
CVE-2016-8357
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application...
Cross site request forgery (csrf)
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request CROSS-SITE REQUEST FORGERY...
CVE-2016-8378
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials...
CVE-2016-8369
The CVE-2016-8369 entry affects Lynxspring JENEsys BAS Bridge versions 1.1.8 and older, with a Cross-Site Request Forgery (CSRF) vulnerability due to insufficient verification that user-submitted requests originated from the legitimate user. This could allow an attacker to perform actions with th...
CVE-2016-8369
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request CROSS-SITE REQUEST FORGERY...
CVE-2016-8361
CVE-2016-8361 affects Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The root cause is a hard-coded username with no password, enabling an attacker to gain access without authentication to the system. Exploitation could permit unauthenticated access and command execution, consistent with...
CVE-2016-8378
CVE-2016-8378 affects Lynxspring JENEsys BAS Bridge
CVE-2016-8357
The CVE-2016-8357 vulnerability affects Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept them, enabling an attacker with read-only access to cause changes within the application. This is describe...
CVE-2016-8361
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...
CVE-2016-8357
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application...
Lynxspring JENEsys BAS Bridge Cross-Site Request Forgery Vulnerability
Lynxspring is a US based company.BAS Bridge is a web based SCADA system.BAS servers are deployed in areas such as commercial facilities, manufacturing, energy, water and wastewater systems and many more. A cross-site request forgery vulnerability exists in Lynxspring JENEsys BAS Bridge. Due to th...
Lynxspring JENEsys BAS Bridge Elevation of Privilege Vulnerability
Lynxspring is a US based company.BAS Bridge is a web based SCADA system.BAS servers are deployed in areas such as commercial facilities, manufacturing, energy, water and wastewater systems and many more. An elevation of privilege vulnerability exists in Lynxspring JENEsys BAS Bridge. An attacker...
Lynxspring JENEsys BAS Bridge Security Bypass Vulnerability
Lynxspring is a US based company.BAS Bridge is a web based SCADA system.BAS servers are deployed in areas such as commercial facilities, manufacturing, energy, water and wastewater systems and many more. A security bypass vulnerability exists in Lynxspring JENEsys BAS Bridge. An attacker can...
bas-rhin.gouv.fr XSS vulnerability
Vulnerable URL: http://www.bas-rhin.gouv.fr/Outils/Glossaire/namefilter/Y%22%3E%3Cmarquee%20onstart=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 11:33 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
Tracer™ BAS Operator Suite - WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Tracer™ BAS Operator Suite published at the 'play' market has multiple vulnerabilities...