50 matches found
CVE-2025-27846
In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected...
CVE-2025-27845
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...
CVE-2025-27847
CVE-2025-27847 affects ESPEC North America Web Controller 3 (prior to 3.3.8). The issue is that user session privileges are not revoked on logout via the /api/v4/auth/ endpoint, which can allow continued access after logout. CVSS v3.1 metrics indicate a Medium impact with Privileges Required: Non...
Hope-Boot Security Vulnerability
Hope-Boot is a modern scaffolding project by the individual developer java-aodeng. A security vulnerability exists in Hope-Boot version 1.0.0, which stems from the mishandling of the parameter errorMsg by the Login function in WebController.java, which could lead to a cross-site scripting attack...
Hope-Boot Input Validation Error Vulnerability
Hope-Boot is a modern scaffolding project by the individual developer java-aodeng. An input validation error vulnerability exists in Hope-Boot version 1.0.0, which stems from mishandling of the parameter redirecturl in the doLogin function in WebController.java, which could lead to an open redire...
Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)
Exploit Title: Ruijie Reyee Wireless Router firmware version B11P204 - MITM Remote Code Execution RCE Date: April 15, 2023 Exploit Author: Mochammad Riyan Firmansyah of SecLab Indonesia Vendor Homepage: https://ruijienetworks.com Software Link:...
ReyeeOS 1.204.1614 - MITM Remote Code Execution Exploit
Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution RCE Google Dork: None Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version: ReyeeOS 1.204.1614...
ReyeeOS 1.204.1614 Code Execution / Man-In-The-Middle
Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution RCE Google Dork: None Date: July 31, 2023 Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version...
ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)
Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution RCE Google Dork: None Date: July 31, 2023 Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version...
studygolang Cross-Site Scripting Vulnerability
studygolang is an open-source Go language Chinese network project. A security vulnerability exists in studygolang, which stems from the Search function in the file http/controller/search.go, where manipulation of the parameter q leads to cross-site scripting...
Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure
Honeywell MCR Web Controller Full Path Disclosure & Cross Site Scripting Vendor Homepage: https://www.honeywell.com WebVersion: XL1000C50 EXCEL WEB 52 I/O, XL1000C500 EXCEL WEB 300 I/O, XL1000C100 EXCEL WEB 104 I/O, XL1000C1000 EXCEL WEB 600 I/O, XL1000C50U EXCEL WEB 52 I/O UUKL, XL1000C500U EXCE...
Hitachi Web Controller PLC Detection
Binary data 757771.prm...
Hitachi Web Controller PLC Detection
Binary data 757772.prm...
Honeywell XL Web Controller Cross Site Scripting / SQL Injection
Exploit Title: Honeywell XL Web Controller SQLi & XSS Date: 2018-05-24 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : XL1000C50 EXCEL WEB 52 I/O, XL1000C100 EXCEL WEB 104 I/O, XL1000C500 EXCEL WEB 300 I/O, XL1000C1000 EXCEL WEB 600 I/O, XL1000C50U EXCE...
Honeywell XL Web Controller - Cross-Site Scripting Vulnerability
Exploit for linux platform in category web applications Exploit Title: Honeywell XL Web Controller - Cross-Site Scripting Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : XL1000C50 EXCEL WEB 52 I/O, XL1000C100 EXCEL WEB 104 I/O, XL1000C500 EXCEL WEB 300...
Honeywell XL Web Controller - Cross-Site Scripting
Honeywell XL Web Controller - Cross-Site Scripting Exploit Title: Honeywell XL Web Controller - Cross-Site Scripting Date: 2018-05-24 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : XL1000C50 EXCEL WEB 52 I/O, XL1000C100 EXCEL WEB 104 I/O, XL1000C500...
Honeywell XL Web II Controller Privilege Mismanagement Vulnerability
Honeywell XL Web Controller is a web-based SCADA system. A security vulnerability exists in the Honeywell XL Web II Controller. It allows an attacker to open and change certain parameters by accessing a specific URL...
Honeywell XL Web II Controller Clear Text Stored Password Vulnerability
Honeywell XL Web Controller is a web-based SCADA system. A plaintext stored password vulnerability exists in the Honeywell XL Web II Controller, which could allow an attacker to obtain a user's password by accessing a specific URL...
A vulnerability in the Google Chrome browser allows a hacker to replace the URL.
The ios/web/webstate/ui/crwwebcontroller.mm component in the Google Chrome browser does not guarantee that an invalid URL will be replaced with an about:blank page. Exploiting this vulnerability could allow a malicious actor to substitute a URL with a specially crafted website...
Honeywell XL Web Controller Directory Traversal Vulnerability
OVERVIEW Martin Jartelius of Outpost24 has identified a directory traversal vulnerability in Honeywell’s XL Web Controller. Honeywell has produced an update that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following XLWeb controller versions...