Filtered by vendor Computrols
Subscribe
Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10855 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database. | |||||
CVE-2019-10854 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Computrols CBAS 18.0.0 allows Authenticated Command Injection. | |||||
CVE-2019-10853 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 8.3 HIGH | 8.1 HIGH |
Computrols CBAS 18.0.0 allows Authentication Bypass. | |||||
CVE-2019-10852 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | |||||
CVE-2019-10851 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Computrols CBAS 18.0.0 has hard-coded encryption keys. | |||||
CVE-2019-10850 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Computrols CBAS 18.0.0 has Default Credentials. | |||||
CVE-2019-10849 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. | |||||
CVE-2019-10848 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Computrols CBAS 18.0.0 allows Username Enumeration. | |||||
CVE-2019-10847 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | |||||
CVE-2019-10846 | 1 Computrols | 1 Computrols Building Automation System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter. |