Optergy Proton/Enterprise Building Management System - Open Redirect

Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-7275 info: name: Optergy Proton/Enterprise...

Optergy Proton/Enterprise - Unauthenticated RCE via Backdoor Console

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. id: CVE-2019-7276 info: name: Optergy Proton/Enterprise - Unauthenticated RCE via Backdoor Console author: daffainfo severity: critical description: | Optergy Proton/Enterprise devices allow Remote Root Cod...

CVE-2019-7277

Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure...

CVE-2019-7279

Optergy Proton/Enterprise devices have Hard-coded Credentials...

CVE-2019-7275

Optergy Proton/Enterprise devices allow Open Redirect...

CVE-2019-7272

Optergy Proton/Enterprise devices allow Username Disclosure...

CVE-2019-7276

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...

CVE-2019-7278

Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service...

EUVD-2019-16823

Malware in sbrugna...

EUVD-2019-16821

Malware in sbrugna...

EUVD-2019-16822

Malware in sbrugna...

EUVD-2019-16817

Malware in sbrugna...

CVE-2019-7274

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root...

CVE-2019-7273

Optergy Proton/Enterprise devices allow Cross-Site Request Forgery CSRF...

Optergy Proton and Enterprise BMS Command Injection using a backdoor

This module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System BMS applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called Console.jsp in...

Optergy Proton And Enterprise BMS 2.0.3a Command Injection Exploit

This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System BMS applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called...

Optergy Proton And Enterprise BMS 2.0.3a Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Optergy Proton and Enterprise BMS Command Injection using a backdoor', 'Description' = %q This module exploits an undocumented backdoor...

VulnCheck KEV: CVE-2019-7276

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...

Optergy 2.3.0a - Remote Code Execution (Backdoor) Exploit

Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl =...

Optergy 2.3.0a - Remote Code Execution (Backdoor)

Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl = 'http://'+sys.argv1+'/tools/ajax/ConsoleResult.html?get' try: req1 =...