WEMS BEMS version 21.3.1 has an undocumented backdoor account that is Base64 encoded. These sets of credentials are never exposed to the end-user and cannot be changed through any normal…
>> CATEGORY: exploit
HomeAutomation version 3.3.2 suffers from persistent and reflective cross site scripting vulnerabilities.
MyDomoAtHome REST API is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain…
HomeAutomation version 3.3.2 authentication bypass exploit.
Local root exploit for the FreeBSD mqueuefs vulnerability as disclosed in FreeBSD-SA-19:15.mqueuefs.
Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd.
HomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability.
HomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability that allows for remote command execution.
HomeAutomation version 3.3.2 suffers from an open redirection vulnerability.
Thrive Smart Home version 1.1 suffers from a cross site scripting vulnerability.