16 matches found
EUVD-2022-52453
Malicious code in bioql PyPI...
EUVD-2024-0897
Malicious code in bioql PyPI...
EUVD-2025-27501
Malicious code in bioql PyPI...
CVE-2024-24573
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...
CVE-2024-24767
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...
Password Brute Force Attack
github.com/icewhaletech/casaos-userservice is vulnerable to Password Brute Force Attack. The vulnerability is due to a lack of control on login attempts missing a rate limit on login. This enables attackers to gain super user-level access to the server, allowing unauthorized access to the server...
PT-2024-20545 · Casaos · Casaos
Name of the Vulnerable Software and Affected Versions: CasaOS versions 0.4.4.3 through 0.4.6 Description: The CasaOS web application lacks control over login attempts, allowing attackers to perform password brute force attacks and gain full access to the server with super user-level access...
CVE-2022-30622
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...
Default credentials
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...
CVE-2022-30622 Chcnav - P5E GNSS Information disclosure
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...
Johnson Controls CEM Systems AC2000
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Controlled Electronic Management Systems, Ltd., a subsidiary of Johnson Controls, Inc. Equipment: CEM Systems AC2000 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Johnson Controls Sensormatic Electronics Illustra
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. Equipment: Illustra Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to...
Johnson Controls Sensormatic Tyco AI
1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: Tyco AI Vulnerability: Off-by-one Error 2. RISK EVALUATION Under specific circumstances, a local attacker could use this vulnerability to obtain super-user access to the underlying...
Johnson Controls Exacq Technologies exacqVision
1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Exacq Technologies, Inc., a subsidiary of Johnson Controls, Inc. Equipment: exacqVision Vulnerability: Off-by-one Error 2. RISK EVALUATION A local attacker could exploit this vulnerability to obtain “Super User” access to the underlying Ubuntu Linux...
Itetris 1.6.1/1.6.2 Privileged Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2139/info Itetris, or Intelligent Tetris, is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video hardware when run by a regular...
Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities
Binary data 800602.prm...