Remote Kiln Control@* Security Vulnerabilities and Issues — Remote Kiln Control@* CVE List

Lucene search

BlaauwproductsRemote Kiln Control*

4 matches found

CVE•added 2020/05/07 1:15 p.m.•34 views

CVE-2019-18867

Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.

7.5CVSS7.5AI score0.00316EPSS

CVE•added 2020/05/07 2:15 p.m.•30 views

CVE-2019-18869

Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17.

9.8CVSS9.6AI score0.00433EPSS

CVE•added 2020/05/07 1:15 p.m.•28 views

CVE-2019-18865

Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.

5.3CVSS5.5AI score0.00428EPSS

CVE•added 2020/05/07 2:15 p.m.•27 views

CVE-2019-18870

A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.

6.5CVSS6.4AI score0.00727EPSS