EUVD-2026-12600

The GL-iNet Comet GL-RM1 KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

EUVD-2005-3467

Malware in sbrugna...

MAL-2025-46899 Malicious code in console_auth (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8c545bd0ca0111537f9336af6eeeef4e580a90a7468ff22cf9b1b20dd3fcf51d The OpenSSF Package Analysis project identified 'consoleauth' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The packag...

Cisco Small Business SPA300 and SPA500 Series IP Phones Local Code Execution (CVE-2014-3312)

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435...

PT-2024-5369 · Skupper · Skupper

Name of the Vulnerable Software and Affected Versions: Skupper affected versions not specified Description: A flaw was found in Skupper that may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. This issue arises when Skupper is initialized with the...

InHand Networks InRouter302 安全漏洞

The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the console authentication feature...

CVE-2022-25329

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated...

CVE-2022-25329

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated...

Cisco IOS XE elevation of privilege vulnerability (CNVD-2021-22457)

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An elevation of privilege vulnerability exists in role-based access control for SD-WAN in Cisco IOS XE. The vulnerability stems from the use of a default configuration for console...

CVE-2021-1371

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs...

Cisco IOS XE SD-WAN Software 默认配置问题漏洞

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An elevation of privilege vulnerability exists in role-based access control for SD-WAN in Cisco IOS XE. The vulnerability stems from the use of a default configuration for console...

Cisco 809 Industrial ISRs, 829 Industrial ISRs, and Cisco CGR1000 IOS Software Trust Management Issue Vulnerabilities

Cisco 1000 Series Connected Grid Routers CGR1000 is a 1000 Series Internet Grid Router from Cisco. A trust management issue exists in the virtual console authentication of the IOS Software in Cisco 809 Industrial ISRs, 829 Industrial ISRs, and Cisco CGR1000. The vulnerability stems from the...

CVE-2020-1618

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command...

UBUNTU-CVE-2015-9543

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is...

AWS Auditing & Hardening Tool: Zeus

Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...

CVE-2012-3347

AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment...

CVE-2005-3468

Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files...

CVE-2005-3468

Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files...

Voyant Technologies Sonata conferencing vulnerabilties.

Please Release Vulnerability Report For Voyant Technologies Sonata Conferencing product. Larry W. Cashdollar Vapid Labs Date Published: 11/07/2000 Advisory ID: 10132000-01 CVE CAN: None currently assigned. Title: Multiple Vulnerabilities found in Sonata teleconferencing Application. Class: Design...