24 matches found
Satel Iberia SenNet Data Logger And Electricity Meters Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Satel Iberia SenNet Data Logger and Electricity Meters Command Injection Vulnerability', 'Description' = %q This module exploits an OS Command...
Cambium ePMP 1000 (up to v2.5) Arbitrary Command Execution
This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 Authors Karn Ganeshen...
Moxa MXview
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Moxa Equipment: MXview Vulnerability: Unquoted Search Path or Element. AFFECTED PRODUCTS The following versions of MXview, network management software, are affected: MXview v2.8 and prior. IMPACT Successful exploitation of this...
Cambium ePMP 1000 'ping' Command Injection (up to v2.5)
This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 Authors Karn Ganeshen This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'ping' Command Injection ...
SpiderControl MicroBrowser
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: SpiderControl Equipment: MicroBrowser Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of SpiderControl MicroBrowser, a touch panel operating system, are affected: MicroBrowser...
SpiderControl SCADA Web Server
CVSS v3 5.3 ATTENTION: Low skill level to exploit Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Improper Privilege Management AFFECTED PRODUCTS The following versions of SCADA Web Server, a software management platform, are affected: SCADA Web Server Version 2.02.0007 and prior...
AzeoTech DAQFactory
CVSS v3 7.1 ATTENTION: Local access and user-level privileges are required to exploit these vulnerabilities Vendor: AzeoTech Equipment: DAQFactory Vulnerabilities: Incorrect Default Permissions, Uncontrolled Search Path Element AFFECTED PRODUCTS AzeoTech reports that the vulnerabilities affect th...
SpiderControl SCADA Web Server
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Directory Traversal AFFECTED PRODUCTS The following versions of SpiderControl SCADA Web Server, a software management platform, are affected: SCADA Web Server...
Solar Controls WATTConfig M Software
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Solar Controls Equipment: WATTConfig M Software Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Solar Controls’ WATTConfig M Software for Windows 2.5.10 for M SSR/MAX PLCs are affected: WATTConf...
Schneider Electric Pro-face GP-Pro EX
CVSS v3 7.2 ATTENTION: Public exploits are available. Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Pro-face GP-Pro EX software, an HMI management platform, are affected: GP Pro EX version...
Digital Canal Structural Wind Analysis
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Digital Canal Structural Equipment: Wind Analysis Vulnerability: Stack-Based Buffer Overflow AFFECTED PRODUCTS The following versions of Wind Analysis, a structural engineering software platform, are affected: Wind...
BLF-Tech LLC VisualView HMI
CVSS v3 7.0 ATTENTION: Low skill level to exploit Vendor: BLF-Tech LLC Equipment: VisualView HMI Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following VisualView HMI versions are affected: VisualView HMI Version 9.9.14.0 and prior. IMPACT Successful exploitation of this...
Schneider Electric Interactive Graphical SCADA System Software
CVSS v3 6.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Interactive Graphical SCADA System IGSS Software Vulnerability: DLL Hijacking AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following IGSS HMI desktop...
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
CVSS v3 7.3 ATTENTION: Low skill level to exploit. Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Improper Access Control AFFECTED PRODUCTS The following versions of LAquis SCADA, an industrial automation software, are affected: LAquis...
mySCADAPro 7 Privilege Escalation
mySCADAProv7 Local Privilege Escalation Vendor: mySCADA Technologies s.r.o. Product web page: https://www.myscada.org/ Affected application: myscadaPro Affected version: v7 Current version Vulnerability discovered by: Karn Ganeshen Description: myscadaPro7 application installs seven 8 services. A...
GE Industrial Solutions UPS SNMP Adapter 4.8 - Multiple Vulnerabilities
GE Industrial Solutions UPS SNMP Adapter 4.8 - Multiple Vulnerabilities Exploit Title: GE Industrial Solutions - UPS SNMP Adapter Command Injection and Clear-text Storage of Sensitive Information Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: http://www.geindustrial.com/ Versions...
PROLiNK H5004NK Backdoor Accounts / RBAC Failure / CSRF
Exploit Title: PROLiNK H5004NK ADSL Wireless Modem Multiple Vulnerabilities Discovered by: Karn Ganeshen Reported on: October 13, 2015 Vendor Response: No process to handle vuln reports Vendor Homepage: http://www.prolink2u.com/newtemp/datacom/adsl-modem-router/381-h5004nk.html Version Affected:...
D-Link DIR-300 Cross Site Scripting
Requirement 1. HTTPs Access to router 2. Ability to make configuration changes Access vector Remote Impact Persistent XSS / Script execution Vulnerable platform D-Link DIR-300 Firmware v1.3 Severity level High Steps to reproduce 1. Log in to D-link router. 2. Setup - LAN Setup - DHCP Client List ...
UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow
UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow !/usr/bin/python import socket,sys,base64 print """ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ UPlusFTP Server v1.7.1.01 HTTP Remot...
UPlusFTP Server v1.7.1.01 HTTP Remote Buffer Overflow Post Auth
Exploit for windows platform in category remote exploits =============================================================== UPlusFTP Server v1.7.1.01 HTTP Remote Buffer Overflow Post Auth =============================================================== !/usr/bin/python import socket,sys,base64 print...