47 matches found
EUVD-2021-28332
Malicious code in bioql PyPI...
EUVD-2021-28322
Malicious code in bioql PyPI...
EUVD-2021-28326
Malicious code in bioql PyPI...
EUVD-2021-28327
Malicious code in bioql PyPI...
EUVD-2021-28329
Malicious code in bioql PyPI...
EUVD-2021-28320
Malicious code in bioql PyPI...
EUVD-2021-28330
Malicious code in bioql PyPI...
EUVD-2021-28331
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2021-41295
ECOA BAS controller has a Cross-Site Request Forgery vulnerability; an authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system...
ECOA BAS controller weak password vulnerability
ECOA BAS controller is an intelligent lighting control solution. ECOA BAS controller has a weak password vulnerability that could be exploited by attackers to gain full control of the system...
ECOA BAS controller information disclosure vulnerability (CNVD-2021-83644)
ECOA BAS controller is a smart lighting control solution. ECOA BAS controller is vulnerable to information disclosure, which can be exploited by remote attackers to submit special requests that can obtain sensitive information...
ECOA BAS controller information disclosure vulnerability
ECOA BAS controller is a building automation controller. ECOA BAS controller handles HTTP GET requests and is vulnerable to information disclosure, which can be exploited by remote attackers to submit ad hoc requests that can obtain sensitive information...
ECOA BAS controller cross-site request forgery vulnerability
ECOA BAS controller is an intelligent lighting control solution. ECOA BAS controller is vulnerable to cross-site request forgery, which can be exploited by attackers to send forged requests to malicious web pages and execute CRUD commands to perform arbitrary actions on the system...
ECOA BAS controller arbitrary file upload vulnerability
ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to arbitrary file uploads, which can be exploited to send specially crafted URL requests to the /upload URI with the file name and rbt parameters containing the "dot"...
ECOA BAS controller directory traversal vulnerability (CNVD-2021-83638)
ECOA BAS controller is a smart lighting control solution. ECOA BAS controller is vulnerable to directory traversal, which can be exploited by attackers to compromise sensitive and system information...
ECOA BAS controller unauthorized access vulnerability
ECOA BAS controller is an intelligent lighting control solution. An unauthorized access vulnerability exists in ECOA BAS controller, which can be exploited by remote attackers to bypass authorization to access hidden resources in the system and perform privileged functions...
ECOA BAS controller directory traversal vulnerability
ECOA BAS controller is a smart lighting control solution. A directory traversal vulnerability exists in the ECOA BAS controller GET parameter handling, which can be exploited by attackers to delete arbitrary files on the affected device and cause a denial of service scenario...
CVE-2021-41290
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device...
CVE-2021-41297
ECOA BAS controller is vulnerable to a weak access control mechanism, allowing an authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain text...
CVE-2021-41301
ECOA BAS controller is vulnerable to configuration disclosure when a direct object reference is made to specific files using an HTTP GET request. This will enable an unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation...