daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

More reference

patch-1
Noam Rathaus 2021-10-14 16:30:44 +03:00
parent 09de143099
commit 16dd5c6e8e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
vulnerabilities/other/ecoa-building-automation-lfd.yaml
View File

@ -4,7 +4,9 @@ info:
author: 0x_Akoko
severity: high
description: The BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
- https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
tags: ecoa,lfi,cve-2021-41293
requests: