Vulmon
david castro vulnerabilities and exploits
NA
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote malicious users to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
David Castro Apache Authcas 0.4
5.3
CVSSv3
CVE-2018-16668
An issue exists in CIRCONTROL CirCarLife prior to 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
Circontrol Circarlife Scada
9.8
CVSSv3
CVE-2018-16669
An issue exists in CIRCONTROL Open Charge Point Protocol (OCPP) prior to 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp a...
Circontrol Open Charge Point Protocol
5.3
CVSSv3
CVE-2018-16671
An issue exists in CIRCONTROL CirCarLife prior to 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
Circontrol Circarlife Scada
6.5
CVSSv3
CVE-2018-16672
An issue exists in CIRCONTROL CirCarLife prior to 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
Circontrol Circarlife Scada
5.3
CVSSv3
CVE-2018-16670
An issue exists in CIRCONTROL CirCarLife prior to 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
Circontrol Circarlife Scada
9.8
CVSSv3
CVE-2018-12634
CirCarLife Scada prior to 4.3 allows remote malicious users to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
Circontrol Circarlife Scada
1 EDB exploit
7.5
CVSSv3
CVE-2018-8880
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.
Lutron Quantum Bacnet Integration Firmware 3.2.243
1 EDB exploit