177 matches found
CVE-2024-8527 ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...
PT-2025-47454
Name of the Vulnerable Software and Affected Versions Automated Logic WebCTRL and Carrier i-Vu versions 6.0 through 9.0 Description An open redirect exists due to a flaw in a URL parameter. This could allow attackers to exploit user sessions. Recommendations Versions 6.0 through 9.0 should be...
Automated Logic WebCtrl和Carrier i-Vu 安全漏洞
Automated Logic WebCtrl is a server for web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu that stems from not cleaning up...
PT-2025-47455
Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...
EUVD-2018-20428
Malware in sbrugna...
EUVD-2020-11660
Malware in sbrugna...
EUVD-2017-18571
Malware in sbrugna...
EUVD-2024-49548
Malicious code in bioql PyPI...
EUVD-2024-49547
Malicious code in bioql PyPI...
EUVD-2022-24369
Malicious code in bioql PyPI...
5V Technologies Blue Angel Software Suite 操作系统命令注入漏洞
5V Technologies Blue Angel Software Suite is a management and control software suite deployed on embedded Linux devices from 5V Technologies, Taiwan, China. A security vulnerability exists in 5V Technologies Blue Angel Software Suite that originates from an OS command injection attack due to an...
CVE-2024-8526
A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...
CVE-2022-1019
Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file...
CVE-2020-19762
Automated Logic Corporation ALC WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request...
Carrier Corporation i-VU URL Redirection to Untrusted Site (CVE-2024-8526)
CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists which could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, results in the redirection of the user to a malicious webpage via 'index.jsp' This plugin only works...
Automated Logic WebCTRL Premium Server Unrestricted Upload of File with Dangerous Type (CVE-2024-8525)
CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists which could allow an unauthenticated user to upload files of dangerous types without restrictions, leading to remote command execution. This plugin only works with Tenable.ot. Please visit...
Automated Logic WebCTRL Premium Server Unrestricted Upload of File with Dangerous Type (CVE-2024-8525)
CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists which could allow an unauthenticated user to upload files of dangerous types without restrictions, leading to remote command execution. This plugin only works with Tenable.ot. Please visit...
Automated Logic WebCTRL Premium Server Unrestricted Upload of File with Dangerous Type (CVE-2024-8525)
CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists which could allow an unauthenticated user to upload files of dangerous types without restrictions, leading to remote command execution. This plugin only works with Tenable.ot. Please visit...
CVE-2024-8525
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...
CVE-2024-8526
A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...