| 225331 | 7.5 | HIGH Network | blaauwproducts | remote_kiln_control | Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). | CWE-521 Weak Password Requirements | CVE-2019-18872 | 2024-11-21 13:33 | 2020-05-7 |
| 225332 | 8.8 | HIGH Network | blaauwproducts | remote_kiln_control | A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execu… | CWE-22 Path Traversal | CVE-2019-18871 | 2024-11-21 13:33 | 2020-05-7 |
| 225333 | 6.5 | MEDIUM Network | blaauwproducts | remote_kiln_control | A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. | CWE-22 Path Traversal | CVE-2019-18870 | 2024-11-21 13:33 | 2020-05-7 |
| 225334 | 9.8 | CRITICAL Network | blaauwproducts | remote_kiln_control | Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. | NVD-CWE-Other | CVE-2019-18869 | 2024-11-21 13:33 | 2020-05-7 |
| 225335 | 7.5 | HIGH Network | blaauwproducts | remote_kiln_control | Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | CWE-89 SQL Injection | CVE-2019-18866 | 2024-11-21 13:33 | 2020-05-7 |
| 225336 | 7.5 | HIGH Network | blaauwproducts | remote_kiln_control | /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | NVD-CWE-noinfo | CVE-2019-18864 | 2024-11-21 13:33 | 2020-05-7 |
| 225337 | 9.8 | CRITICAL Network | blaauwproducts | remote_kiln_control | Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | CWE-312 CWE-522 Cleartext Storage of Sensitive Information Insufficiently Protected Credentials | CVE-2019-18868 | 2024-11-21 13:33 | 2020-05-7 |
| 225338 | 7.5 | HIGH Network | blaauwproducts | remote_kiln_control | Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /… | CWE-200 Information Exposure | CVE-2019-18867 | 2024-11-21 13:33 | 2020-05-7 |
| 225339 | 5.3 | MEDIUM Network | blaauwproducts | remote_kiln_control | Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | CWE-209 Information Exposure Through an Error Message | CVE-2019-18865 | 2024-11-21 13:33 | 2020-05-7 |
| 225340 | 9.8 | CRITICAL Network | wisc fedoraproject debian | htcondor fedora debian_linux | HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administra… | CWE-287 Improper Authentication | CVE-2019-18823 | 2024-11-21 13:33 | 2020-04-28 |