Lucene search
K

60 matches found

Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.306 views

OpenBMCS 2.4 Secret Disclosure

OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2022/01/16 12:0 a.m.311 views

OpenBMCS 2.4 Secrets Disclosure

Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...

8.7CVSS5.8AI score0.00478EPSS
Exploits2
Openbugbounty
Openbugbounty
added 2020/01/26 3:40 p.m.11 views

bms-skfo.ru Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1075257 Security Researcher geeknik Helped patch 8729 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting bms-skfo.ru website and it...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2019/11/12 12:0 a.m.97 views

Optergy BMS 2.0.3a Remote Root

!/usr/bin/env python Unauthenticated Remote Root Exploit in Optergy BMS Console Backdoor Affected version \n' sys.exit while True: challengeurl = 'http://'+sys.argv1+'/tools/ajax/ConsoleResult.html?get' try: req1 = requests.getchallengeurl getchallenge = json.loadsreq1.text challenge =...

10CVSS9.6AI score0.93384EPSS
Exploits7
Packet Storm
Packet Storm
added 2019/11/12 12:0 a.m.113 views

Optergy BMS 2.0.3a Account Reset / Username Disclosure

Optergy BMS Account Reset and Username Disclosure Affected version djuro teppi view alerton stef humba drmio de3 andri myko dzonka kosto beebee Administrator...

5CVSS0.10469EPSS
Exploits5
0day.today
0day.today
added 2019/11/12 12:0 a.m.182 views

Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/' input type="hidden" name...

6.8CVSS8.7AI score0.04476EPSS
Exploits4
Packet Storm
Packet Storm
added 2019/11/12 12:0 a.m.135 views

Optergy Proton/Enterprise BMS 2.3.0a Open Redirect

Open Redirect in Optergy Proton/Enterprise BMS Firmware version: =2.3.0a CVE: CVE-2019-7275 Advisory: https://applied-risk.com/resources/ar-2019-008 Paper: https://applied-risk.com/resources/i-own-your-building-management-system by Gjoko 'LiquidWorm' Krstic GET /updating.jsp?url=https://segfault....

5.8CVSS6.7AI score0.09087EPSS
Exploits1
0day.today
0day.today
added 2019/11/12 12:0 a.m.132 views

Optergy 2.3.0a - Remote Code Execution (Backdoor) Exploit

Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl =...

10CVSS9.6AI score0.93384EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/11/12 12:0 a.m.115 views

Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)

Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/'...

8.8CVSS9AI score0.04476EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/11/12 12:0 a.m.305 views

Optergy 2.3.0a - Remote Code Execution (Backdoor)

Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl = 'http://'+sys.argv1+'/tools/ajax/ConsoleResult.html?get' try: req1 =...

10CVSS9.8AI score0.93384EPSS
Exploits7
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/10/11 5:45 a.m.136 views

Mapping the Attack Surface of an Airport

Aviation security is a complex environment. What first sparked my interest in avionics security was a comment from an airport customer of ours. They had seen the media coverage of the DHS work against a Boeing 757 a few years ago and were concerned that an ‘infected’ airplane might create a fresh...

7.5AI score
Exploits0
Prion
Prion
added 2019/02/24 6:29 p.m.35 views

Command injection

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...

9.3CVSS8.8AI score0.97419EPSS
Exploits8References3Affected Software3
NVD
NVD
added 2019/02/24 6:29 p.m.33 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...

9.3CVSS8.9AI score0.97419EPSS
Exploits8References4
OSV
OSV
added 2019/02/24 6:29 p.m.39 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...

8.8CVSS7.1AI score0.97419EPSS
Exploits8References4
Vulnrichment
Vulnrichment
added 2019/02/24 6:0 p.m.12 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...

7.3AI score0.97419EPSS
Exploits8References2
CVE
CVE
added 2019/02/24 6:0 p.m.1306 views

CVE-2019-9082

ThinkPHP CVE-2019-9082 affects ThinkPHP before 3.2.4 (used in Open Source BMS v1.1.1). The vulnerability allows Remote Command Execution via a crafted request to public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=..., enabling an attacker to run comm...

9.3CVSS8.7AI score0.97419EPSS
In wildExploits8References4Affected Software1
Cvelist
Cvelist
added 2019/02/24 6:0 p.m.50 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...

8.9AI score0.97419EPSS
Exploits8References2
ATTACKERKB
ATTACKERKB
added 2019/02/24 12:0 a.m.90 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command. Recent assessments: Mad-robot at July 05, 2020 1:53pm UTC reported:...

9.3CVSS9AI score0.97419EPSS
In wildExploits8References6
CVE
CVE
added 2017/06/02 2:0 p.m.44 views

CVE-2017-6039

CVE-2017-6039 affects Phoenix Broadband PowerAgent SC3 BMS (PowerAgent SC3 Site Controller). The root cause is a hard-coded password in all versions prior to v6.87, enabling unauthorized access to the device. The vulnerability is described as remote, with CVSSv3 base score 5.3 (AV:N/AC:L/PR:N/UI:...

5.3CVSS5.3AI score0.01168EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2009/10/22 5:30 p.m.18 views

Sql injection

Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to modules/bms/invoicesdiscountajax.php, 2 f parameter to dbgraphic.php, and 3 tid parameter in a show action to advancedsearch.php...

7.5CVSS9.2AI score0.00952EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder