Lucene search
K

4 matches found

Nuclei
Nuclei
added 10 hours ago59 views

ECOA Building Automation System - Arbitrary File Retrieval

The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...

7.5CVSS7AI score0.20084EPSS
Exploits1References5
Circl
Circl
added 2021/09/30 2:37 p.m.64 views

CVE-2021-41293

creationtimestamp| type| source ---|---|--- 2021-09-30 14:37:58+00:00| seen| https://t.me/cibsecurity/29708 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-41293.yaml 2025-01-26 00:00:00+00:00| seen| The Shadowserver...

7.5CVSS7.1AI score0.20084EPSS
In wildExploits1References5
NVD
NVD
added 2021/09/30 11:15 a.m.16 views

CVE-2021-41293

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information...

7.5CVSS0.20084EPSS
Exploits1References1
CVE
CVE
added 2021/09/30 10:40 a.m.86 views

CVE-2021-41293

The ECOA Building Automation System (BAS) controller is affected by a path traversal/arbitrary file disclosure vulnerability. Affected component/file: viewlog.jsp; attack vector is via the POST parameter fname, allowing an unauthenticated attacker to disclose arbitrary files and sensitive system ...

7.5CVSS7.5AI score0.20084EPSS
In wildExploits1References1Affected Software1
Rows per page
Query Builder