Vulmon
david castro vulnerabilities and exploits
VMScore: 668
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote malicious users to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
David Castro Apache Authcas 0.4
VMScore: 446
CVE-2018-16668
An issue exists in CIRCONTROL CirCarLife prior to 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
Circontrol Circarlife Scada
VMScore: 356
CVE-2018-16672
An issue exists in CIRCONTROL CirCarLife prior to 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
Circontrol Circarlife Scada
VMScore: 445
CVE-2018-16669
An issue exists in CIRCONTROL Open Charge Point Protocol (OCPP) prior to 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp a...
Circontrol Open Charge Point Protocol
VMScore: 446
CVE-2018-16670
An issue exists in CIRCONTROL CirCarLife prior to 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
Circontrol Circarlife Scada
VMScore: 446
CVE-2018-16671
An issue exists in CIRCONTROL CirCarLife prior to 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
Circontrol Circarlife Scada
VMScore: 505
CVE-2018-8880
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.
Lutron Quantum Bacnet Integration Firmware 3.2.243
1 EDB exploit
VMScore: 505
CVE-2018-12634
CirCarLife Scada prior to 4.3 allows remote malicious users to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
Circontrol Circarlife Scada
1 EDB exploit