159 matches found
CVE-2023-31502
Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution RCE vulnerability via the component /models/managementmodel.php...
Altenergy Power Control Software C1.2.5 Command Injection
Exploit Title: Altenergy Power Control Software C1.2.5 - OS command injection Google Dork: intitle:"Altenergy Power Control Software" Date: 15/3/2023 Exploit Author: Ahmed Alroky Vendor Homepage: https://apsystems.com/ Version: C1.2.5 Tested on: Windows 10 CVE : CVE-2023-28343 import requests...
Altenergy Power Control Software C1.2.5 - OS command injection
Exploit Title: Altenergy Power Control Software C1.2.5 - OS command injection Google Dork: intitle:"Altenergy Power Control Software" Date: 15/3/2023 Exploit Author: Ahmed Alroky Vendor Homepage: https://apsystems.com/ Version: C1.2.5 Tested on: Windows 10 CVE : CVE-2023-28343 import requests...
Altenergy Power Control Software C1.2.5 - OS command injection
Exploit Title: Altenergy Power Control Software C1.2.5 - OS command injection Google Dork: intitle:"Altenergy Power Control Software" Exploit Author: Ahmed Alroky Vendor Homepage: https://apsystems.com/ Version: C1.2.5 Tested on: Windows 10 CVE : CVE-2023-28343 import requests import argparse def...
ABB 800xA Improper Input Validation (CVE-2021-22277)
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. This plugin only works with Tenable.ot. Please visit...
CVE-2023-28343
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/settimezone timezone parameter, because of settimezone in models/managementmodel.php...
Command injection
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/settimezone timezone parameter, because of settimezone in models/managementmodel.php...
CVE-2023-28343
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/settimezone timezone parameter, because of settimezone in models/managementmodel.php...
Altenergy Power System Control Software 操作系统命令注入漏洞
Altenergy Power System Control Software is microinverter control software from Altenergy Power System. A security vulnerability exists in AlAltenergy Power System Control Software version C1.2.5, which originates from an operating system command injection vulnerability...
CVE-2023-28343
Altenergy Power Control Software C1.2.5 is affected by CVE-2023-28343: an OS command injection via shell metacharacters in the index.php/management/set_timezone parameter, caused by set_timezone in models/management_model.php. This allows remote command execution with the affected product version...
The vulnerability in the web interface of the Unified Remote software, a remote control program for computers, allows a hacker to execute arbitrary code.
The vulnerability of the Unified Remote web interface for remote control software management is related to an incorrect authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-0451
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and...
Econolite EOS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Econolite Equipment: EOS Vulnerability: Improper Access Control, Use of Weak Hash 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-026-02 Econolite EOS...
usememos/memos Improper Access Control vulnerability
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0...
ZOHO ManageEngine Device Control Plus 安全漏洞
ZOHO ManageEngine Device Control Plus is a USB device control software from ZOHO USA. It is used to control, block and monitor all removable devices connected to the computer. A security vulnerability exists in ZOHO ManageEngine Device Control Plus version 10.1.2228.15 that originates from the...
APsystems Access Control Error Vulnerability
APsystems is a microinverter from APsystems, Inc. Combining high efficiency power conversion with a user-friendly monitoring interface, it brings you reliable and smart energy. An access control error vulnerability exists in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software version...
CVE-2022-44037
An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple...
Design/Logic Flaw
An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple...
APsystems 安全漏洞
APsystems is a microinverter from APsystems, Inc. Combining high efficiency power conversion with a user-friendly monitoring interface, it brings you reliable and smart energy. An access control error vulnerability exists in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software version...
CVE-2022-44037
An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple...