52 matches found
Optergy Proton/Enterprise - Unauthenticated RCE via Backdoor Console
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. id: CVE-2019-7276 info: name: Optergy Proton/Enterprise - Unauthenticated RCE via Backdoor Console author: daffainfo severity: critical description: | Optergy Proton/Enterprise devices allow Remote Root Cod...
CVE-2019-7277
Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure...
CVE-2019-7273
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery CSRF...
Optergy Proton And Enterprise BMS 2.0.3a Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Optergy Proton and Enterprise BMS Command Injection using a backdoor', 'Description' = %q This module exploits an undocumented backdoor...
Optergy Proton And Enterprise BMS 2.0.3a Command Injection Exploit
This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System BMS applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called...
VulnCheck KEV: CVE-2019-7276
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)
Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/' input type="hidden"...
Optergy Proton/Enterprise BMS 2.3.0a Open Redirect
Open Redirect in Optergy Proton/Enterprise BMS Firmware version: =2.3.0a CVE: CVE-2019-7275 Advisory: https://applied-risk.com/resources/ar-2019-008 Paper: https://applied-risk.com/resources/i-own-your-building-management-system by Gjoko 'LiquidWorm' Krstic GET /updating.jsp?url=https://segfault....
Optergy Proton/Enterprise BMS 2.0.3a Cross Site Request Forgery
Optergy Proton/Enterprise BMS CSRF Add Admin Affected version: history.pushState'', '', '/' input type="hidden" name="user.visibleAlarms" value...
CVE-2019-7273
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery CSRF...
CVE-2019-7274
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root...
CVE-2019-7273
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery CSRF...
CVE-2019-7272
Optergy Proton/Enterprise devices allow Username Disclosure...
Cross site request forgery (csrf)
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery CSRF...
Design/Logic Flaw
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root...
Design/Logic Flaw
Optergy Proton/Enterprise devices allow Username Disclosure...
CVE-2019-7277
Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure...
CVE-2019-7276
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...
CVE-2019-7276
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...
CVE-2019-7278
Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service...