Lucene search
K

174 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:41 a.m.16 views

CVE-2017-17974

BA SYSTEMS BAS Web on BAS920 devices with Firmware 01.01.00, HTTPserv 00002, and Script 02. and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/getsidjs.aspx or isc/getsid.aspx, as demonstrated by obtaining administrative access by subsequently using...

9.8CVSS6.7AI score0.0166EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:27 p.m.7 views

CVE-2002-1936

UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via 1 field account with a password of "field", 2 guru account with a password of "3noguru", 3 snmp account with a password of "snmp", or 4 dbase account with a...

7.5CVSS7.6AI score0.01532EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/24 4:8 p.m.13 views

CVE-2025-46502 WordPress LSD Custom taxonomy and category meta plugin <= 1.3.2 - CSRF to XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bas Matthee LSD Custom taxonomy and category meta custom-taxonomy-category-and-term-fields allows Cross Site Request Forgery.This issue affects LSD Custom taxonomy and category meta: from n/a throu...

7.1CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2025/04/24 4:8 p.m.57 views

CVE-2025-46502

CVE-2025-46502 concerns the WordPress plugin LSD Custom taxonomy and category meta (versions ≤ 1.3.2). The connected documents confirm an improper input handling issue that enables a Cross-site Scripting (XSS) path which in turn facilitates a Cross-Site Request Forgery (CSRF) scenario, i.e., the ...

7.1CVSS7.2AI score0.00235EPSS
Exploits0References1
hivepro
hivepro
added 2025/04/22 1:40 p.m.5 views

The Exposure Validation Revolution: From Hoping to Knowing

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on the Exposure Validation Revolution! Imagine your security team...

8.2AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2024/11/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-41295

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands GET, POST, PUT, DELETE to perform arbitrary operations in the system...

8.8CVSS6AI score0.00415EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2024/10/30 12:0 a.m.201 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure

ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/30 12:0 a.m.264 views

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Username Enumeration

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerabl...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/30 12:0 a.m.322 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Reflected XSS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy manageme...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/30 12:0 a.m.227 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service

ABB Cylon Aspect 3.08.01 jsonProxy.php Denial of Service Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and contr...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/11 12:0 a.m.353 views

ABB Cylon Aspect 3.07.02 user.properties Default Credentials

ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management and...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/11 12:0 a.m.392 views

ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller uses a weak set of default administrative...

5.8AI score
Exploits0
0day.today
0day.today
added 2024/10/11 12:0 a.m.205 views

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vulnerability

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper...

7.5AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/10 12:0 a.m.243 views

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/07 12:0 a.m.336 views

ABB Cylon Aspect 3.08.00 (syslogSwitch.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/25 12:0 a.m.289 views

ABB Cylon Aspect 3.07.00 Remote Code Execution

ABB Cylon Aspect 3.07.00 networkDiagAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.00 Summary: ASPECT is an award-winning scalable building energy management...

9.8CVSS7.4AI score0.0136EPSS
Exploits2
0day.today
0day.today
added 2024/09/24 12:0 a.m.216 views

ABB Cylon Aspect 3.08.01 Remote Code Execution Vulnerability

ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite function,...

9.4CVSS8.1AI score0.1901EPSS
Exploits4
NVD
NVD
added 2024/07/03 3:15 p.m.11 views

CVE-2024-39220

BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmwar...

6.5CVSS0.0044EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/03 12:0 a.m.12 views

CVE-2024-39220

BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmwar...

6.6AI score0.0044EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/03 12:0 a.m.14 views

CVE-2024-39220

BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmwar...

0.0044EPSS
Exploits0References2
Rows per page
Query Builder