60 matches found
OpenBMCS 2.4 Secret Disclosure
OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product...
OpenBMCS 2.4 Secrets Disclosure
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
bms-skfo.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1075257 Security Researcher geeknik Helped patch 8729 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting bms-skfo.ru website and it...
Optergy BMS 2.0.3a Remote Root
!/usr/bin/env python Unauthenticated Remote Root Exploit in Optergy BMS Console Backdoor Affected version \n' sys.exit while True: challengeurl = 'http://'+sys.argv1+'/tools/ajax/ConsoleResult.html?get' try: req1 = requests.getchallengeurl getchallenge = json.loadsreq1.text challenge =...
Optergy BMS 2.0.3a Account Reset / Username Disclosure
Optergy BMS Account Reset and Username Disclosure Affected version djuro teppi view alerton stef humba drmio de3 andri myko dzonka kosto beebee Administrator...
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/' input type="hidden" name...
Optergy Proton/Enterprise BMS 2.3.0a Open Redirect
Open Redirect in Optergy Proton/Enterprise BMS Firmware version: =2.3.0a CVE: CVE-2019-7275 Advisory: https://applied-risk.com/resources/ar-2019-008 Paper: https://applied-risk.com/resources/i-own-your-building-management-system by Gjoko 'LiquidWorm' Krstic GET /updating.jsp?url=https://segfault....
Optergy 2.3.0a - Remote Code Execution (Backdoor) Exploit
Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl =...
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)
Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/'...
Optergy 2.3.0a - Remote Code Execution (Backdoor)
Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl = 'http://'+sys.argv1+'/tools/ajax/ConsoleResult.html?get' try: req1 =...
Mapping the Attack Surface of an Airport
Aviation security is a complex environment. What first sparked my interest in avionics security was a comment from an airport customer of ours. They had seen the media coverage of the DHS work against a Boeing 757 a few years ago and were concerned that an ‘infected’ airplane might create a fresh...
Command injection
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...
CVE-2019-9082
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...
CVE-2019-9082
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...
CVE-2019-9082
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...
CVE-2019-9082
ThinkPHP CVE-2019-9082 affects ThinkPHP before 3.2.4 (used in Open Source BMS v1.1.1). The vulnerability allows Remote Command Execution via a crafted request to public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=..., enabling an attacker to run comm...
CVE-2019-9082
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...
CVE-2019-9082
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command. Recent assessments: Mad-robot at July 05, 2020 1:53pm UTC reported:...
CVE-2017-6039
CVE-2017-6039 affects Phoenix Broadband PowerAgent SC3 BMS (PowerAgent SC3 Site Controller). The root cause is a hard-coded password in all versions prior to v6.87, enabling unauthorized access to the device. The vulnerability is described as remote, with CVSSv3 base score 5.3 (AV:N/AC:L/PR:N/UI:...
Sql injection
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to modules/bms/invoicesdiscountajax.php, 2 f parameter to dbgraphic.php, and 3 tid parameter in a show action to advancedsearch.php...