94 matches found
CVE-2019-10849
Computrols CBAS 18.0.0 allows unprotected Subversion SVN directory / source code disclosure...
CVE-2019-10846
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter...
CVE-2019-10855
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database...
Sql injection
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...
CVE-2019-10852
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...
CVE-2019-10853
Computrols CBAS 18.0.0 allows Authentication Bypass...
Default credentials
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database...
CVE-2019-10851
Computrols CBAS 18.0.0 has hard-coded encryption keys...
Command injection
Computrols CBAS 18.0.0 allows Authenticated Command Injection...
CVE-2019-10852
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...
Authentication flaw
Computrols CBAS 18.0.0 allows Authentication Bypass...
CVE-2019-10851
Computrols CBAS 18.0.0 has hard-coded encryption keys...
CVE-2019-10854
Computrols CBAS 18.0.0 allows Authenticated Command Injection...
Hardcoded credentials
Computrols CBAS 18.0.0 has hard-coded encryption keys...
CVE-2019-10854
Computrols CBAS 18.0.0 allows Authenticated Command Injection...
CVE-2019-10846
CVE-2019-10846 affects Computrols CBAS Web (versions prior to fixed 19.0.1/18.0.1 etc.). It describes an Unauthenticated Reflected Cross-Site Scripting vulnerability in the login and password-reset pages via the username GET parameter. Impact per sources is client-side script execution in a user’...
CVE-2019-10846
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter...
CVE-2019-10849
CBAS Web (Computrols CBAS) 19.0.0 is affected by an information-disclosure vulnerability due to an unprotected Subversion/SVN directory that can disclose the firmware source code. The Red Hat advisory and exploit reports confirm the issue affects CBAS Web and maps to CVE-2019-10849, with an impac...
CVE-2019-10849
Computrols CBAS 18.0.0 allows unprotected Subversion SVN directory / source code disclosure...
CVE-2019-10850
Computrols CBAS 18.0.0 has Default Credentials...