60 matches found
PT-2021-18723 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS affected versions not specified Description: An information exposure through log file vulnerability exists in the software where the connection details for a scheduled configuration export are logged in system logs...
CVE-2021-20018
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier...
SonicWall SMA100 post-authentication configuration export to a specified email address
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20018 Last updated: March 13, 2021, 1:19 a.m...
Unable to Export the new configuration from the SD-WAN Center to the Change Management Inbox
Unable to export the new configuration from the SD-WAN Center to the Change Management Inbox of the MCN; it is displayed with the following error message: Under SDWANCENTERmanagement.log, the following error message can be seen, as shown in the log snippet below: Log Snippet: ========== 00000:097:509:112 INF...
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cisco RV320 and RV325 Unauthenticated Remote Code Execution", 'Description' = %q This exploit module combines an information disclosure...
Cisco RV320 Unauthenticated Configuration Export
Advisory: Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor. Details ======= Product: Cisco RV320 Dual...
Cisco RV320 Unauthenticated Configuration Export Vulnerability
The configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor. Cisco RV320 Unauthenticated Configuration Export Vulnerability Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly...
Improper access control
An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive...
CVE-2017-7918
An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive...
CVE-2016-7572
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors...
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
Exploit for hardware platform in category web applications D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product UR...
Design/Logic Flaw
The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968...
CVE-2015-4308
The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968...
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Vulnerability
Sierra Wireless produces a mobile wi-fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from a HTTP header injection that allows an attacker to inject a file into the HTTP...
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Overview Sierra Wireless produces a mobile wi-fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from ...
Multiple ZyWALL USG Products Remote Security Bypass Vulnerability - Active Check
Multiple ZyWALL USG products are prone to a security bypass vulnerability. Note: Reportedly, the firmware is also prone to a weakness that allows password-protected upgrade files to be decrypted with a known plaintext attack. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might ...
[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances
Advisory: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances Unauthenticated users with access to the management web interface of certain ZyXEL ZyWALL USG appliances can download and upload configuration files, that are applied automatically. Details =======...
ZyWALL USG Appliance Arbitrary File Read / Write
Advisory: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances Unauthenticated users with access to the management web interface of certain ZyXEL ZyWALL USG appliances can download and upload configuration files, that are applied automatically. Details =======...