Archive for December, 2019

HomeAutomation 3.3.2 Cross Site Scripting

Posted by deepcore under exploit

HomeAutomation version 3.3.2 suffers from persistent and reflective cross site scripting vulnerabilities.

MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 Information Disclosure

Posted by deepcore under exploit

MyDomoAtHome REST API is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.

FreeBSD mqueuefs Privilege Escalation

Posted by deepcore under exploit

Local root exploit for the FreeBSD mqueuefs vulnerability as disclosed in FreeBSD-SA-19:15.mqueuefs.

HomeAutomation 3.3.2 Authentication Bypass

Posted by deepcore under exploit

HomeAutomation version 3.3.2 authentication bypass exploit.

FreeBSD fd Privilege Escalation

Posted by deepcore under exploit

Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd.

HomeAutomation 3.3.2 Cross Site Request Forgery

Posted by deepcore under exploit

HomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability.

HomeAutomation 3.3.2 CSRF / Code Execution

Posted by deepcore under exploit

HomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability that allows for remote command execution.

HomeAutomation 3.3.2 Open Redirect

Posted by deepcore under exploit

HomeAutomation version 3.3.2 suffers from an open redirection vulnerability.

Thrive Smart Home 1.1 Cross Site Scripting

Posted by deepcore under exploit

Thrive Smart Home version 1.1 suffers from a cross site scripting vulnerability.

Thrive Smart Home 1.1 SQL Injection

Posted by deepcore under exploit

Thrive Smart Home version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.