
4649 matches found

Prion
added 2018/11/26 3:29 a.m. | 14 views

Default credentials

TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...

CVSS 9 | AI score 7.4 | EPSS 0.19618
Exploits: 1 | References: 1 | Affected Software: 1
CNVD
added 2018/11/26 12:0 a.m. | 3 views

TP-Link Archer C5 Remote Command Execution Vulnerability

TP-LINK Archer C5 is a wireless router product from China P&L TP-LINK. A security vulnerability exists in TP-Link Archer C5 V2160201US and previous versions. The vulnerability can be exploited by an attacker to execute commands with the help of the 'wandynhostname' parameter of the configuration...

CVSS 9 | AI score 7.2 | EPSS 0.19618
Exploits: 1 | References: 1
Fedora
added 2018/11/22 3:23 a.m. | 24 views

[SECURITY] Fedora 29 Update: libconfuse-3.2.2-1.fc29

libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and lists of values (strings, integers, floats, booleans or other sections), as well as some other features such as single/double-quoted strings, environment variab...

CVSS 8.8 | AI score 2.3 | EPSS 0.00445
Exploits: 1
Fedora
added 2018/11/22 2:55 a.m. | 27 views

[SECURITY] Fedora 27 Update: libconfuse-3.2.2-1.fc27

libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and lists of values (strings, integers, floats, booleans or other sections), as well as some other features such as single/double-quoted strings, environment variab...

CVSS 8.8 | AI score 2.3 | EPSS 0.00445
Exploits: 1
Prion
added 2018/11/20 7:29 p.m. | 13 views

Default credentials

Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password...

CVSS 2.1 | AI score 6.5 | EPSS 0.00077
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2018/11/20 7:29 p.m. | 7 views

CVE-2018-16222

Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password...

CVSS 6.8 | AI score 6.6 | EPSS 0.00077
Exploits: 1 | References: 2
Cvelist
added 2018/11/20 7:0 p.m. | 13 views

CVE-2018-16222

Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password...

AI score 6.6 | EPSS 0.00077
Exploits: 1 | References: 2
CVE
added 2018/11/20 7:0 p.m. | 44 views

CVE-2018-16222

The CVE-2018-16222 entry affects the iSmartAlarm Android app (up to version 2.0.8). The issue is cleartext storage of credentials in the iSmartAlarmData.xml configuration file, which can allow an attacker to retrieve the username and password. The connected documents confirm affected product comp...

CVSS 6.8 | AI score 6.5 | EPSS 0.00077
Exploits: 1 | References: 2 | Affected Software: 1
0day.today
added 2018/11/12 12:0 a.m. | 212 views

TP-Link Archer C50 Wireless Router 171227 - CSRF (Configuration File Disclosure) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Hardware Version: Archer C50 v3 00000001 Firmware Link:...

AI score 0.4
Exploits: 0
exploitpack
added 2018/11/12 12:0 a.m. | 35 views

TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)

TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Exploit Title: TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Date: 2018-11-07 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com...

AI score 0.2
Exploits: 0
Exploit DB
added 2018/11/12 12:0 a.m. | 45 views

TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)

Exploit Title: TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Date: 2018-11-07 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Hardware Version: Archer C50 v3 00000001 Firmware Link:...

AI score 7.4
Exploits: 0
Prion
added 2018/11/07 2:29 p.m. | 497 views

Default configuration

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...

CVSS 7.8 | AI score 7.3 | EPSS 0.10883
Exploits: 0 | References: 11 | Affected Software: 4
Prion
added 2018/11/07 2:29 p.m. | 40 views

Design/Logic Flaw

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...

CVSS 5.8 | AI score 6.4 | EPSS 0.03918
Exploits: 1 | References: 14 | Affected Software: 5
AlpineLinux
added 2018/11/07 2:0 p.m. | 58 views

CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...

CVSS 7.8 | AI score 7.6 | EPSS 0.10883
Exploits: 0
Debian CVE
added 2018/11/07 2:0 p.m. | 49 views

CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...

CVSS 8.2 | AI score 7.1 | EPSS 0.03918
Exploits: 1
AlpineLinux
added 2018/11/07 2:0 p.m. | 48 views

CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...

CVSS 8.2 | AI score 6.8 | EPSS 0.03918
Exploits: 1
AlpineLinux
added 2018/11/07 2:0 p.m. | 47 views

CVE-2018-16843

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...

CVSS 7.8 | AI score 7.6 | EPSS 0.57804
Exploits: 0
Tenable Nessus
added 2018/11/07 12:0 a.m. | 46 views

FreeBSD : NGINX -- Multiple vulnerabilities (84ca56be-e1de-11e8-bcfd-00e04c1ea73d)

NGINX Team reports: Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the...

CVSS 8.2 | AI score 6.6 | EPSS 0.57804
Exploits: 1 | References: 5
ICS
added 2018/11/01 12:0 a.m. | 539 views

AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Software, LLC. AVEVA Equipment: InduSoft Web Studio and InTouch Edge HMI formerly InTouch Machine Edition Vulnerabilities: Stack-based Buffer Overflow, Empty Password in Configuration File 2...

CVSS 10 | AI score 10 | EPSS 0.09391
Exploits: 2 | References: 5
CNVD
added 2018/10/29 12:0 a.m. | 2 views

ZyXEL VMG3312-B10B Backdoor Root Account Vulnerability

The VMG3312-B10B is a Wireless N VDSL2 4-port gateway with USB from ZyXEL. A backdoor root account vulnerability exists in the ZyXEL VMG3312-B10B 1.00 AAPP.7. An attacker can exploit this vulnerability to access this backdoor root account via a tTn3+Z@!Sr0O+ password hash in the etc/default.cfg...

CVSS 9.8 | AI score 7 | EPSS 0.0029
Exploits: 0 | References: 1