Explore Vulnerabilities

Explore all Exploits:

CBAS-Web 19.0.0 – Username Enumeration

CBAS-Web 19.0.0 is vulnerable to username enumeration. An attacker can send a POST request to the /cbas/index.php?m=auth&a=login endpoint with a valid username and an empty password. If the username is valid, the response will contain an error message indicating that the username/password combination is invalid. If the username is invalid, the response will contain the username in an error message.

CBAS-Web 19.0.0 – Remote Code Execution

The CBAS-Web unauthenticated remote command injection exploit affects versions 19.0.0 and below. It chains two vulnerabilities to execute commands: an authorization bypass in the auth module (CVE-2019-10853) and a code execution vulnerability in the json.php endpoint (CVE-2019-10854).

eMerge E3 Access Controller 4.6.07 – Remote Code Execution

A vulnerability in the eMerge E3 Access Controller 4.6.07 allows an attacker to gain root access to the system by exploiting a vulnerability in the SSH protocol. It is triggered by sending a specially crafted SSH packet to the target system; once the packet is received, the attacker gains root access.

eMerge E3 1.00-06 – 'layout' Reflected Cross-Site Scripting

eMerge E3 1.00-06 is vulnerable to Reflected Cross-Site Scripting (XSS) when malicious JavaScript code is supplied in the 'layout' parameter. An attacker can exploit this by tricking an authenticated user into clicking a crafted link that carries the JavaScript code in the 'layout' parameter; when the user follows the link, the code is executed in the user's browser.

eMerge E3 1.00-06 – Arbitrary File Upload

An arbitrary file upload vulnerability exists in eMerge E3 1.00-06. An attacker can exploit this vulnerability to upload a malicious file and execute arbitrary code on the server. This vulnerability is due to insufficient validation of the file type when uploading a file. An attacker can exploit this vulnerability by sending a malicious file with a double extension such as .php.jpg. This will bypass the validation and allow the attacker to upload the malicious file.

eMerge E3 1.00-06 – Cross-Site Request Forgery

The Nortek Linear eMerge E3 Access Control cross-site request forgery vulnerability allows an attacker to perform malicious actions on behalf of a legitimate user by causing a maliciously crafted request to be sent to the vulnerable system. Such a request can add a super user, change the admin password, or perform other malicious actions.

eMerge E3 1.00-06 – Remote Code Execution

An unauthenticated attacker can execute arbitrary code on the eMerge E3 1.00-06 system by sending a specially crafted HTTP request to the card_scan.php page. This vulnerability is due to insufficient input validation of the No and ReaderNo parameters. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable system.

eMerge E3 1.00-06 – Privilege Escalation

eMerge E3 1.00-06 is vulnerable to privilege escalation. An attacker can exploit this vulnerability by sending a malicious POST request to the web server. This request will add a new user with administrator privileges. An attacker can also disclose the existing users by sending a malicious GET request to the web server.
