Filtered by vendor Blaauwproducts
Subscribe
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18871 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. | |||||
| CVE-2019-18872 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). | |||||
| CVE-2019-18868 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | |||||
| CVE-2019-18870 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. | |||||
| CVE-2019-18864 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | |||||
| CVE-2019-18869 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. | |||||
| CVE-2019-18865 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | |||||
| CVE-2019-18866 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | |||||
| CVE-2019-18867 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/. | |||||