Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.16 views

Automated Logic Corporation WebCTRL Improper Restriction of XML External Entity Reference (CVE-2018-8819)

An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...

7.5CVSS7.3AI score0.03052EPSS
Exploits2References4
CVE
CVE
added 2018/06/14 8:0 p.m.83 views

CVE-2018-8819

The CVE-2018-8819 issue affects Automated Logic Corporation (ALC) WebCTRL versions 6.0, 6.1 and 6.5. It is an XML External Entity (XXE) vulnerability in a weakly configured XML parser that allows an unauthenticated attacker to disclose full file contents from the underlying web server OS via the ...

7.5CVSS7.4AI score0.03052EPSS
Exploits2References3Affected Software1
The Coalfire Blog
The Coalfire Blog
added 2018/06/11 9:32 p.m.17 views

How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL

I like to do bug bounties from time to time, mostly when I am sacrificing sleep once the kids are finally out cold. This seemed like a worthy experience to document. Let me just start by saying I dont plan on going into the whole recon bits too deeply here. Maybe I will someday if I ever have...

0.6AI score0.03052EPSS
Exploits2
Packet Storm
Packet Storm
added 2018/06/09 12:0 a.m.137 views

WebCTRL Out-Of-Band XML Injection

CVE-2018-8819 Product Description WebCTRL is a BACnet native, intelligent, HVAC and energy control system for your building. A proven, industry-leading system, the WebCTRLAr building automation system gives you the ability to fully understand your operations and analyze the results with tools tha...

7.7AI score0.03052EPSS
Exploits2
Rows per page
Query Builder