12 matches found
CVE-2021-21266 XXE vulnerability in OpenHAB
openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)
HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on:...
HomeAutomation 3.3.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Authentication Bypass Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisor...
HomeAutomation 3.3.2 CSRF / Code Execution
HomeAutomation v3.3.2 CSRF Remote Command Execution PHP Reverse Shell PoC Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use...
HomeAutomation 3.3.2 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Remote Code Execution Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisor...
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting
Exploit: HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID: ZSL-2019-5556 Advisor...
HomeAutomation 3.3.2 - Authentication Bypass
HomeAutomation 3.3.2 - Authentication Bypass Exploit: HomeAutomation 3.3.2 - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips...
HomeAutomation 3.3.2 Cross Site Scripting
HomeAutomation v3.3.2 Stored and Reflected XSS Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick,...
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos...
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Exploit: HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos...
HomeAutomation v3.3.2 Stored and Reflected XSS
Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...
HomeAutomation v3.3.2 CSRF Remote Command Execution (PHP Reverse Shell) PoC
Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...