Lucene search
K
ZeroscienceRecent

1109 matches found

Zero Science Lab
Zero Science Lab
added 2024/10/24 12:0 a.m.321 views

ABB Cylon Aspect 3.08.02 (logYumLookup.php) Authenticated File Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The building management system suffers from an authenticated arbitrar...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/22 12:0 a.m.354 views

ABB Cylon Aspect 3.08.01 (throttledLog.php) Unauthenticated Log Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated log...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/22 12:0 a.m.354 views

ABB Cylon Aspect 3.08.01 (logCriticalLookup.php) Unauthenticated Log Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated log...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/21 12:0 a.m.346 views

ABB Cylon Aspect 3.08.01 (persistenceManagerAjax.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated OS command...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/18 12:0 a.m.316 views

ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated OS command...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/17 12:0 a.m.321 views

ABB Cylon Aspect 3.08.01 (networkDiagAjax.php) Remote Network Utility Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The vulnerability allows an unauthenticated attacker to perform netwo...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/16 12:0 a.m.381 views

ABB Cylon Aspect 3.08.01 (mapConfigurationDownload.php) Config Download

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/14 12:0 a.m.330 views

ABB Cylon Aspect 3.08.00 (sslCertAjax.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/12 12:0 a.m.328 views

ABB Cylon Aspect 3.08.00 (yumSettings.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/11 12:0 a.m.270 views

ABB Cylon Aspect 3.08.00 (dialupSwitch.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/11 12:0 a.m.399 views

ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller uses a weak set of default administrative...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/10 12:0 a.m.228 views

ABB Cylon Aspect 3.07.02 (sshUpdate.php) Unauthenticated Remote SSH Service Control

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from a vulnerability that allows an...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/10 12:0 a.m.222 views

ABB Cylon Aspect 3.08.01 (persistenceManagerAjax.php) Directory Traversal

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller has a directory traversal vulnerability that c...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/07 12:0 a.m.338 views

ABB Cylon Aspect 3.08.00 (syslogSwitch.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/07 12:0 a.m.266 views

ABB Cylon Aspect 3.08.01 (calendarFileDelete.php) Arbitrary File Deletion

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from an arbitrary file deletion...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/06 12:0 a.m.277 views

ABB Cylon Aspect 3.08.00 (setTimeServer.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/06 12:0 a.m.238 views

ABB Cylon Aspect 3.08.01 (logYumLookup.php) Unauthenticated File Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The building management system suffers from an unauthenticated...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/06 12:0 a.m.233 views

ABB Cylon Aspect 3.08.01 (caldavUtil.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated OS command...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/04 12:0 a.m.431 views

ABB Cylon Aspect 3.07.02 (downloadDb.php) Authenticated File Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The building management system suffers from an authenticated arbitrar...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/09/26 12:0 a.m.312 views

ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdmin

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller is operating with default and hard-coded...

8.8CVSS5.8AI score0.01511EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2024/09/24 12:0 a.m.376 views

ABB Cylon Aspect 3.07.00 (networkDiagAjax.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated OS command...

9.8CVSS7.5AI score0.0136EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2024/09/23 12:0 a.m.294 views

ABB Cylon Aspect 3.08.01 (bigUpload.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from a remote code execution...

10CVSS8AI score0.1901EPSS
Exploits4
Zero Science Lab
Zero Science Lab
added 2024/09/23 12:0 a.m.378 views

ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Arbitrary File Delete

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from an arbitrary file deletion...

10CVSS5.9AI score0.17159EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2024/08/20 12:0 a.m.477 views

Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure

Summary Vandal-resistant Door Phone for High-end Buildings. Offering top-of-the-line features, Akuvox X912 is targeted at high-end residential and commercial projects. With a compact size, it is perfect for buildings with limited installation space. Description The application suffers from an...

8.7CVSS5.8AI score0.00349EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2024/07/03 12:0 a.m.333 views

Deep Sea Electronics DSE855 Remote Authentication Bypass

Summary The DSE855 communications device allows monitoring of a single DSE controller with USB connectivity over a LAN or WAN connection. To achieve this the DSE855 utilises its in-built web server or MODBUS TCP. In order to use over a LAN connection the on-site router must be configured to be...

6.5CVSS6.5AI score0.02418EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2024/05/30 12:0 a.m.283 views

Aquatronica Control System 5.1.6 Passwords Leak Vulnerability

Summary Aquatronica's electronic AQUARIUM CONTROLLER is easy to use, allowing you to control all the electrical devices in an aquarium and to monitor all their parameters; it can be used for soft water aquariums, salt water aquariums or both simultaneously. Description The tcp.php endpoint on the...

9.3CVSS5.8AI score0.01443EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2024/04/17 12:0 a.m.320 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config

Summary The SIGNUM controller from Elber satellite equipment demodulates one or two DVB-S/ S2 signals up to 32APSK single/multi-stream, achieving 256 KS/s as minimum symbol rate. The TS demodulated signals can be aligned and configured in 1+1 seamless switching for redundancy. Redundancy can also...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/04/17 12:0 a.m.250 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Summary The SIGNUM controller from Elber satellite equipment demodulates one or two DVB-S/ S2 signals up to 32APSK single/multi-stream, achieving 256 KS/s as minimum symbol rate. The TS demodulated signals can be aligned and configured in 1+1 seamless switching for redundancy. Redundancy can also...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/04/17 12:0 a.m.314 views

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass

Summary Cleber offers a powerful, flexible and modular hardware and software platform for broadcasting and contribution networks where customers can install up to six boards with no limitations in terms of position or number. Based on a Linux embedded OS, it detects the presence of the boards and...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/04/17 12:0 a.m.295 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config

Summary The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a basic chassis with 4 extractable boards which makes maintenance and critical operations, like frequency modification, easy and efficient. The modular approach has...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/04/17 12:0 a.m.280 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass

Summary The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a basic chassis with 4 extractable boards which makes maintenance and critical operations, like frequency modification, easy and efficient. The modular approach has...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/04/17 12:0 a.m.314 views

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config

Summary Cleber offers a powerful, flexible and modular hardware and software platform for broadcasting and contribution networks where customers can install up to six boards with no limitations in terms of position or number. Based on a Linux embedded OS, it detects the presence of the boards and...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/04/17 12:0 a.m.395 views

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config

Summary ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and distribution market, where quality and reliability are most important. The Elber IRD Integrated Receiver Decoder ESE-01 offers a professional audio quality and composite video at an excellent...

8.7CVSS5.8AI score0.00494EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2024/04/17 12:0 a.m.281 views

Elber Wayber Analog/Digital Audio STL 4.00 Device Config

Summary Wayber II is the name of an analogue/digital microwave link able to transport a Mono or a MPX stereo signal from studio to audio transmitter. Compact and reliable, it features very high quality and modern technology both in signal processing and microwave section leading to outstanding...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/04/17 12:0 a.m.305 views

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

Summary Wayber II is the name of an analogue/digital microwave link able to transport a Mono or a MPX stereo signal from studio to audio transmitter. Compact and reliable, it features very high quality and modern technology both in signal processing and microwave section leading to outstanding...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/04/17 12:0 a.m.286 views

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass

Summary ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and distribution market, where quality and reliability are most important. The Elber IRD Integrated Receiver Decoder ESE-01 offers a professional audio quality and composite video at an excellent...

9.8CVSS5.8AI score0.03523EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2024/04/04 12:0 a.m.304 views

Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit

Summary The TRA7000 series is a set of products dedicated to broadcast, designed to guarantee an excellent quality-price ratio in compliance with current regulations and intended for individual broadcasters or radio networks. All models in the TRA7000 series are fully digital, using only...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/02/23 12:0 a.m.425 views

Tosibox Key Service 3.3.0 Local Privilege Escalation

Summary TOSIBOX® SoftKey is a software that enables a secure connection between your computer and one or more TOSIBOX® Nodes, giving you full visibility and control over the network devices connected to the Node. Description The application suffers from an unquoted search path issue impacting the...

8.5CVSS6.2AI score0.00197EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2024/01/31 12:0 a.m.319 views

TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account

Summary Professional FM transmitters. Description The transmitter has a hidden super administrative account 'factory' that has the hardcoded password 'inokram25' that allows full access to the web management interface configuration. The factory account is not visible in the users page of the...

9.8CVSS5.8AI score0.00524EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2024/01/31 12:0 a.m.303 views

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password

Summary Professional FM transmitters. Description Unauthorized user could exploit this vulnerability to change his/her password, potentially gaining unauthorized access to sensitive information or performing actions beyond her/his designated permissions. TELSAT marKoni FM Transmitter 1.9.5 Insecu...

9.8CVSS5.8AI score0.00467EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2024/01/31 12:0 a.m.309 views

TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass

Summary Professional FM transmitters. Description The application implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations. TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vendor: TELSAT Srl Product web...

9.8CVSS5.8AI score0.00567EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2024/01/30 12:0 a.m.299 views

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit

Summary Professional FM transmitters. Description The marKoni FM transmitters are susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the 'wget'...

9.3CVSS6.4AI score0.01211EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2023/12/03 12:0 a.m.295 views

OctoberCMS v3.4.0 (Author) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2023/12/03 12:0 a.m.297 views

OctoberCMS v3.4.0 (Wiki_article) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2023/12/03 12:0 a.m.288 views

OctoberCMS v3.4.0 (Blog) Stored Cross-Site Scripting Vulnerabilities

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2023/12/03 12:0 a.m.292 views

OctoberCMS v3.4.0 (Category) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2023/12/03 12:0 a.m.304 views

OctoberCMS v3.4.0 (About) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2023/12/03 12:0 a.m.321 views

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

Summary R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Description The transmitter suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user...

8.7CVSS5.8AI score0.0039EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2023/11/25 12:0 a.m.386 views

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

Summary The Atemio AM 520 HD Full HD satellite receiver enables the reception of digital satellite programs in overwhelming image quality in both SD and HD ranges. In addition to numerous connections, the small all-rounder offers a variety of plugins that can be easily installed thanks to the lar...

9.3CVSS5.9AI score0.01578EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2023/10/25 12:0 a.m.309 views

TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution

Summary This new line of Opera plus FM Transmitters combines very high efficiency, high reliability and low energy consumption in compact solutions. They have innovative functions and features that can eliminate the costs required by additional equipment: automatic exchange of audio sources,...

9.3CVSS6AI score0.0059EPSS
Exploits1
Total number of security vulnerabilities1109