David Castro

7 exploits Active since Apr 2018
CVE-2018-16672 EXPLOITDB MEDIUM python WORKING POC
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
CVSS 6.5
CVE-2018-16671 EXPLOITDB MEDIUM python WORKING POC
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
CVSS 5.3
CVE-2018-16670 EXPLOITDB MEDIUM python WORKING POC
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
CVSS 5.3
CVE-2018-16669 EXPLOITDB CRITICAL python WORKING POC
CIRCONTROL OCPP <1.5.0 - Info Disclosure
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
CVSS 9.8
CVE-2018-16668 EXPLOITDB MEDIUM python WORKING POC
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
CVSS 5.3
CVE-2018-12634 EXPLOITDB CRITICAL python WORKING POC
CirCarLife Scada <4.3 - Info Disclosure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
CVSS 9.8
CVE-2018-8880 EXPLOITDB HIGH python WORKING POC
Lutron Quantum BACnet Integration <3.2.243 - Info Disclosure
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.
CVSS 7.5