| ID | CVSS | Summary | Last (major) update | Published |
| --- | --- | --- | --- | --- |
| CVE-2019-18864 | 5.0 | /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | 21-07-2021 - 11:39 | 07-05-2020 - 14:15 |
| CVE-2019-18868 | 5.0 | Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | 21-07-2021 - 11:39 | 07-05-2020 - 13:15 |
| CVE-2019-18867 | 5.0 | Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /la | 12-05-2020 - 19:18 | 07-05-2020 - 13:15 |
| CVE-2019-18865 | 5.0 | Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | 21-07-2021 - 11:39 | 07-05-2020 - 13:15 |
| CVE-2019-18869 | 7.5 | Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. | 12-05-2020 - 19:10 | 07-05-2020 - 14:15 |
| CVE-2019-18870 | 4.0 | A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. | 12-05-2020 - 19:19 | 07-05-2020 - 14:15 |