19 matches found
CVE-2020-15046
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/configuser.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88...
CVE-2024-38861
Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4amk through 2.0a...
SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.supermicro.com/ Version: X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware...
SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)
Exploit Title: SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Date: 2020-07-15 Vendor Homepage: https://www.supermicro.com/ Version: X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 CVE: CVE-2020-15046 Source:...
SuperMicro IPMI 03.40 Cross Site Request Forgery
Exploit Title: SuperMicro IPMI 03.40 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.supermicro.com/ Software Link: https://www.supermicro.com/en/solutions/management-software/bmc-resources Version: X10DRH-iT motherboards with BIOS 2.0a and...
SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)
Exploit Title: SuperMicro IPMI 03.40 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.supermicro.com/ Software Link: https://www.supermicro.com/en/solutions/management-software/bmc-resources Version: X10DRH-iT motherboards with BIOS 2.0a and...
CVE-2020-15046
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/configuser.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88...
Cross site request forgery (csrf)
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/configuser.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88...
Open Source CAN Network Analysis: BUSMASTER
Open Source CAN Network Analysis BUSMASTER is an open source PC software for the design, monitoring, analysis, and simulation of CAN networks. Using its powerful functions and user-programmability one can simulate CAN system of any complexity. Additionally it provides options to analyze data byte...
Stack overflow
Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/top.html; (2) /pub/modules/a/access.html;...
CVE-2006-5251
PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
Deep CMS 2.0 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20402/info Deep CMS is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with th...
Deep CMS 2.0 - index.php Remote File Inclusion
Deep CMS 2.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/20402/info Deep CMS is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats...
CVE-2005-2325
Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10)...
CVE-2005-2325
Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10)...
CVE-2005-2326
Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php...
cleverXSS.txt
Clever copy 'calendar.php' 'yr' variable cross site scripting vendor url: http://clevercopy.bestdirectbuy.com advisory: http://lostmon.blogspot.com/2005/07/clever-copy-calendarphp-yr-variable.html vendor notify: yes exploit available: yes Clever Copy is a free, fully scalable web site portal and ne...