108 matches found
New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers MFPs that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol LDAP and SMB/FTP services. "This pass-back style attack leverages a...
CVE-2024-8264
Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled...
Fortra Robot Schedule Enterprise Agent 安全漏洞
Fortra Robot Schedule Enterprise Agent is a component of Fortra's Enterprise Task Scheduler software. A security vulnerability exists in Fortra Robot Schedule Enterprise Agent versions prior to 3.05 that stems from FTP username and password information being written to the agent log file when...
Multiple DVR Manufacturers Configuration Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multiple DVR Manufacturers Configuration Disclosure', 'Description' = %q This module takes advantage of an authentication bypass vulnerability at...
SyroTech SY-GPON-1110-WDONT Information Disclosure Vulnerability
The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. The SyroTech SY-GPON-1110-WDONT suffers from an information disclosure vulnerability that originates from FTP credentials stored in plain text in the SquashFS-root file system associated with the router's firmware. An attacker...
CVE-2024-41691
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary...
CVE-2024-41691 Insecure Storage of Sensitive Information Vulnerability
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary...
CVE-2024-41691 Insecure Storage of Sensitive Information Vulnerability
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary...
CVE-2024-41691
CVE-2024-41691 affects SyroTech SY-GPON-1110-WDONT router. Affected component: firmware SquashFS-root stores FTP credentials in plaintext, enabling an attacker with physical access to extract firmware, reverse‑engineer data, and access the FTP server credentials. Impact: unauthorized FTP access a...
BIT-WORDPRESS-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
BIT-WORDPRESS-MULTISITE-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-31210
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-31210
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2023-28089
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...
Code injection
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...
CVE-2023-28089
CVE-2023-28089 affects HPE OneView appliances. Affected component: the OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. Root cause details are not provided in the supplied documents. Impact stated: exposure of FTP credentials; CVSS metrics indicate high confidenti...
CVE-2023-28089
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...