23 matches found
CVE-2019-11367
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...
EUVD-2019-3045
Malware in sbrugna...
EUVD-2019-3046
Malware in sbrugna...
CVE-2019-11368
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter...
AU Optronics Solar Data Recorder Cross-Site Scripting Vulnerability
AU Optronics Solar Data Recorder is a photovoltaic data recorder from AU Optronics, Taiwan, China. A cross-site scripting vulnerability exists in AU Optronics Solar Data Recorder versions prior to 1.3.0. The vulnerability stems from the lack of proper validation of client-side data by the web...
CVE-2019-11368
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter...
CVE-2019-11368
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter...
Hardcoded credentials
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...
CVE-2019-11367
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...
Cross site scripting
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter...
CVE-2019-11367
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...
CVE-2019-11367
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...
CVE-2019-11367
CVE-2019-11367 affects AUO Solar Data Recorder pre-1.3.0. The web portal uses HTTP Basic Authentication and leaks credentials via the WWW-Authenticate header, allowing login with exposed account/password without further authentication. Exploitable by accessing the /protect/ area; multiple public ...
CVE-2019-11368
AU Optronics Solar Data Recorder prior to version 1.3.0 is affected by CVE-2019-11368: a stored XSS vulnerability in the web interface reachable via the protect/config.htm addr parameter. The issue permits script execution within the context of an authenticated user (stored in the application's b...
CVE-2019-11368
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter...
AUO Solar Data Recorder Incorrect Access Control
Exploit Title: AUO Solar Data Recorder - Incorrect Access Control Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
Exploit Title: AUO Solar Data Recorder - Incorrect Access Control Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
AUO Solar Data Recorder 1.3.0 - Incorrect Access Control
AUO Solar Data Recorder 1.3.0 - Incorrect Access Control Exploit Title: AUO Solar Data Recorder - Incorrect Access Control Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a...
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
Exploit for hardware platform in category web applications Exploit Title: AUO Solar Data Recorder - Incorrect Access Control Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
AUO Solar Data Recorder < 1.3.0 - addr Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: AUO Solar Data Recorder - Stored XSS Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...