Lucene search
K
ZeroscienceRecent

1109 matches found

Zero Science Lab
Zero Science Lab
added 2022/03/21 12:0 a.m.403 views

ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability

Summary Protege GX is an enterprise level integrated access control, intrusion detection and building automation solution with a feature set that is easy to operate, simple to integrate and effortless to extend. Protege WX is an all-in-one, web-based, cross-platform system that gives you a fully...

5.4CVSS6.4AI score0.00447EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2022/02/22 12:0 a.m.439 views

ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD

Summary Scadaflex II controllers are 100% web based for both configuration and user interface. No applications are required other than any standard web browser. They are easily supported by remote access over the Internet or a cellular link. Scadaflex II controllers support industry standard wire...

9.1CVSS7.6AI score0.37295EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2022/02/12 12:0 a.m.413 views

H3C SSL VPN Username Enumeration

Summary H3C SSL VPN is a secure VPN system based on SSL connections. It allows mobile employees to access corporate networks remotely in an easy and secure way. The H3C SSL VPN devices are a new generation of professional SSL VPN devices for enterprises. They can function as ingress gateways as...

7.5CVSS5.8AI score0.00315EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2022/01/27 12:0 a.m.238 views

Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption (Denial of Service)

Summary Fetch is a reliable, full-featured file transfer client for the Apple Macintosh whose user interface emphasizes simplicity and ease of use. Fetch supports FTP and SFTP, the most popular file transfer protocols on the Internet for compatibility with thousands of Internet service providers,...

7.5CVSS5.8AI score0.00358EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2022/01/16 12:0 a.m.289 views

OpenBMCS 2.4 CSRF Send E-mail

Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...

5.3CVSS5.8AI score0.00165EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2022/01/16 12:0 a.m.314 views

OpenBMCS 2.4 Unauthenticated SSRF / RFI

Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...

7.2CVSS5.9AI score0.00281EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2022/01/16 12:0 a.m.365 views

OpenBMCS 2.4 Authenticated SQL Injection

Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...

8.7CVSS6AI score0.00356EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2022/01/16 12:0 a.m.302 views

OpenBMCS 2.4 Create Admin / Remote Privilege Escalation

Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...

8.8CVSS5.8AI score0.0042EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2022/01/16 12:0 a.m.311 views

OpenBMCS 2.4 Secrets Disclosure

Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...

8.7CVSS5.8AI score0.00478EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/12/13 12:0 a.m.162 views

Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control

Summary CLOKI is the pre-installed application on our terminals that provides simple to use access control management and attendance monitoring using any browser IE, Chrome, Firefox, etc.. It is suited for anyone looking for a stand-alone Access Control and Attendance Monitoring system where the...

5.1CVSS5.8AI score0.00176EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/12/13 12:0 a.m.209 views

meterN v1.2.3 Authenticated Remote Command Execution Vulnerability

Summary meterN is a set of PHP/JS files that make a -Home energy metering & monitoring- solution. It accept any meters like : electrical, water, gas, fuel consumption, solar, Wind energy production and so on. Sensors such as temperature or humidity are also accepted. The philosophy is: To keep it...

8.8CVSS6.2AI score0.0061EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/11/01 12:0 a.m.470 views

i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw

Summary The Annexxus camera 6MP provides 4 simultaneous, independently controlled digital pan-tilt-zoom ePTZ video streams, which may be recorded or viewed live as well as a built-in microphone and speaker allowing two way communication. Description The application doesn't allow creation of more...

8.1CVSS7.1AI score0.00974EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/10/10 12:0 a.m.452 views

Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection

Summary CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...

8.8CVSS6AI score0.01189EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/10/10 12:0 a.m.412 views

Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root (Telnet/SSH)

Summary CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...

9.3CVSS7.3AI score0.00282EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/27 12:0 a.m.272 views

FatPipe Networks WARP 10.2.2 Authorization Bypass

Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...

5.3CVSS6AI score0.02703EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/27 12:0 a.m.323 views

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download

Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...

7.5CVSS7AI score0.01794EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/27 12:0 a.m.272 views

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation

Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...

8.8CVSS7.3AI score0.01604EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/27 12:0 a.m.386 views

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit

Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...

9.8CVSS7.2AI score0.39824EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/09/27 12:0 a.m.252 views

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access)

Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...

9.8CVSS7.2AI score0.05598EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.272 views

ECOA Building Automation System Hidden Backdoor Accounts and backdoor() Function

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

9.8CVSS7.3AI score0.00949EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.250 views

ECOA Building Automation System Local File Disclosure Vulnerability

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

7.5CVSS7.3AI score0.20084EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.211 views

ECOA Building Automation System Path Traversal Arbitrary File Upload

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

10CVSS7.8AI score0.02248EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.267 views

ECOA Building Automation System Directory Traversal Content Disclosure

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

7.5CVSS7.2AI score0.79441EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.221 views

ECOA Building Automation System Weak Default Credentials

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

9.8CVSS7.3AI score0.00919EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.230 views

ECOA Building Automation System Arbitrary File Deletion

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

9.1CVSS7.4AI score0.01147EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.280 views

ECOA Building Automation System Authorization Bypass / IDOR

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

8.8CVSS7.4AI score0.00842EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.252 views

ECOA Building Automation System Cross-Site Request Forgery

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

8.8CVSS7.3AI score0.00415EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.277 views

ECOA Building Automation System Cookie Poisoning Authentication Bypass

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

9.8CVSS7.3AI score0.01134EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.219 views

ECOA Building Automation System Configuration Download Information Disclosure

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

10CVSS7.3AI score0.01926EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.226 views

ECOA Building Automation System Hard-coded Credentials SSH Access

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

10CVSS7.3AI score0.01989EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.227 views

ECOA Building Automation System Missing Encryption Of Sensitive Information

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

7.3CVSS7.2AI score0.00415EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/09/08 12:0 a.m.217 views

ECOA Building Automation System Remote Privilege Escalation

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

8.8CVSS7.3AI score0.00718EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/08/15 12:0 a.m.543 views

COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass

Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application suffers from an SQL Injection vulnerability. Input passed through the 'id' POST parameter in 'loginstart.asp' is not properly...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/08/15 12:0 a.m.498 views

COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure

Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker to disclose RTSP credentials in plain-text. COMMAX Smart Home Ruvie...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/08/15 12:0 a.m.546 views

COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure

Summary COMMAX offers a wide range of proven AHD CCTV systems to meet customer needs and convenience in single or multi-family homes. Description The web control panel uses weak set of default administrative credentials that can be easily guessed in remote password attacks and disclose RTSP strea...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/08/15 12:0 a.m.567 views

COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS

Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application allows an unauthenticated attacker to change the configuration of the DVR arguments and/or cause denial-of-service scenario throug...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/08/15 12:0 a.m.463 views

COMMAX UMS Client ActiveX Control 1.7.0.2 (CNC_Ctrl.dll) Heap Buffer Overflow

Summary COMMAX activex web viewer client 32bit for COMMAX DVR/NVR. Description The vulnerability is caused due to a boundary error in the processing of user input, which can be exploited to cause a heap based buffer overflow when a user inserts overly long array of string bytes through several...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/08/15 12:0 a.m.488 views

COMMAX WebViewer ActiveX Control 2.1.4.5 (Commax_WebViewer.ocx) Buffer Overflow

Summary COMMAX activex web viewer client 32bit for COMMAX DVR/NVR. Description The vulnerability is caused due to a boundary error in the processing of user input, which can be exploited to cause a buffer overflow when a user inserts overly long array of string bytes through several functions...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/08/15 12:0 a.m.478 views

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass

Summary Biometric access control system. Description The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/08/15 12:0 a.m.407 views

COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS

Summary Biometric access control system. Description The application is vulnerable to an unauthenticated reflected cross-site scripting XSS vulnerability. Input passed to the Cookies 'CMXADMINNM' and 'CMXCOMPLEXNM' is not properly sanitised before being returned to the user. This can be exploited...

6.1CVSS6AI score0.00238EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/07/30 12:0 a.m.910 views

Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password

Summary SANYO network camera and network optional board with the latest H.264 compression technology provide the optimum surveillance applications with high quality real time moving image at low bandwidth. Simultaneous stream of H.264 and JPEG data and also COAX video out to provide flexible...

8.8CVSS7.2AI score0.00332EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/07/28 12:0 a.m.457 views

Longjing Technology BEMS API 1.21 Remote Arbitrary File Download

Summary Battery Energy Management System. Description The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited t...

8.7CVSS7.3AI score0.01461EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/07/28 12:0 a.m.481 views

IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration

Summary IntelliChoice is a United States software company that was founded in 2003, and offers a software title called eFORCE Software Suite. eFORCE Software Suite is law enforcement software, and includes features such as case management, court management, crime scene management, criminal...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/07/20 12:0 a.m.388 views

KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass

Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of...

9.8CVSS7.6AI score0.08146EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/07/20 12:0 a.m.593 views

KevinLAB BEMS 1.0 Undocumented Backdoor Account

Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of...

9CVSS7AI score0.06719EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/07/20 12:0 a.m.291 views

KevinLAB BEMS 1.0 Authenticated File Path Traversal Information Disclosure

Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of...

6.5CVSS6.2AI score0.01415EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/07/04 12:0 a.m.460 views

Ricon Industrial Cellular Router S9922XL Remote Command Execution

Summary S9922L series LTE router is designed and manufactured by Ricon Mobile Inc., it based on 3G/LTE cellular network technology with industrial class quality. With its embedded cellular module, it widely used in multiple case like ATM connection, remote office security connection, data...

10CVSS7.6AI score0.02182EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/05/06 12:0 a.m.280 views

Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation

Summary Easy Anti-Cheat is the industry-leading anti–cheat service, countering hacking and cheating in multiplayer PC games through the use of hybrid anti–cheat mechanisms. Description The application suffers from an unquoted search path issue impacting the service 'EasyAntiCheat' for Windows...

8.5CVSS6.2AI score0.00168EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/04/30 12:0 a.m.97 views

Epic Games Psyonix Rocket League <=1.95 Insecure Permissions

Summary Rocket League is a high-powered hybrid of arcade-style soccer and vehicular mayhem with easy-to-understand controls and fluid, physics-driven competition. Description The application suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user tha...

8.8CVSS5.8AI score0.00209EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/04/30 12:0 a.m.160 views

Epic Games Rocket League 1.95 (AK::MemoryMgr::GetPoolName) Stack Buffer Overrun

Summary Rocket League is a high-powered hybrid of arcade-style soccer and vehicular mayhem with easy-to-understand controls and fluid, physics-driven competition. Description The game suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the...

9.3CVSS7.8AI score0.02076EPSS
Exploits2
Total number of security vulnerabilities1109