Lucene search
K

108 matches found

The Hacker News
The Hacker News
added 2025/02/18 7:4 a.m.19 views

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers MFPs that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol LDAP and SMB/FTP services. "This pass-back style attack leverages a...

7.6CVSS8.2AI score0.00923EPSS
Exploits0
OSV
OSV
added 2024/10/09 11:15 p.m.2 views

CVE-2024-8264

Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled...

5.5CVSS5.8AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/09 12:0 a.m.6 views

Fortra Robot Schedule Enterprise Agent 安全漏洞

Fortra Robot Schedule Enterprise Agent is a component of Fortra's Enterprise Task Scheduler software. A security vulnerability exists in Fortra Robot Schedule Enterprise Agent versions prior to 3.05 that stems from FTP username and password information being written to the agent log file when...

5.5CVSS6.6AI score0.0018EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.233 views

Multiple DVR Manufacturers Configuration Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multiple DVR Manufacturers Configuration Disclosure', 'Description' = %q This module takes advantage of an authentication bypass vulnerability at...

7.5CVSS7AI score0.76109EPSS
Exploits4
CNVD
CNVD
added 2024/07/31 12:0 a.m.7 views

SyroTech SY-GPON-1110-WDONT Information Disclosure Vulnerability

The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. The SyroTech SY-GPON-1110-WDONT suffers from an information disclosure vulnerability that originates from FTP credentials stored in plain text in the SquashFS-root file system associated with the router's firmware. An attacker...

7CVSS6.4AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2024/07/26 12:15 p.m.22 views

CVE-2024-41691

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary...

7CVSS0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/26 12:6 p.m.22 views

CVE-2024-41691 Insecure Storage of Sensitive Information Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary...

7CVSS0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/26 12:6 p.m.25 views

CVE-2024-41691 Insecure Storage of Sensitive Information Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary...

7CVSS6.8AI score0.00152EPSS
Exploits0References1
CVE
CVE
added 2024/07/26 12:6 p.m.58 views

CVE-2024-41691

CVE-2024-41691 affects SyroTech SY-GPON-1110-WDONT router. Affected component: firmware SquashFS-root stores FTP credentials in plaintext, enabling an attacker with physical access to extract firmware, reverse‑engineer data, and access the FTP server credentials. Impact: unauthorized FTP access a...

7CVSS6.5AI score0.00152EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/04/06 6:33 p.m.44 views

BIT-WORDPRESS-2024-31210 PHP file upload bypass via Plugin installer

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

8.8CVSS7.5AI score0.00945EPSS
Exploits0References2
OSV
OSV
added 2024/04/06 6:33 p.m.31 views

BIT-WORDPRESS-MULTISITE-2024-31210 PHP file upload bypass via Plugin installer

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

8.8CVSS7.5AI score0.00945EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/04/04 11:15 p.m.70 views

CVE-2024-31210

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

8.8CVSS7.1AI score0.00945EPSS
Exploits0References3
OSV
OSV
added 2024/04/04 10:59 p.m.13 views

CVE-2024-31210 PHP file upload bypass via Plugin installer

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

7.6CVSS7.2AI score0.00945EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/04 10:59 p.m.46 views

CVE-2024-31210 PHP file upload bypass via Plugin installer

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

7.6CVSS7.1AI score0.00945EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/04 10:59 p.m.76 views

CVE-2024-31210 PHP file upload bypass via Plugin installer

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

7.6CVSS7.8AI score0.00945EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/04/04 10:59 p.m.31 views

CVE-2024-31210

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

8.8CVSS7.8AI score0.00945EPSS
Exploits0
NVD
NVD
added 2023/04/25 7:15 p.m.35 views

CVE-2023-28089

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...

7.1CVSS7AI score0.0017EPSS
Exploits0References1
Prion
Prion
added 2023/04/25 7:15 p.m.18 views

Code injection

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...

3.2CVSS7AI score0.0017EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/25 6:44 p.m.55 views

CVE-2023-28089

CVE-2023-28089 affects HPE OneView appliances. Affected component: the OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. Root cause details are not provided in the supplied documents. Impact stated: exposure of FTP credentials; CVSS metrics indicate high confidenti...

7.1CVSS7AI score0.0017EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/25 6:44 p.m.10 views

CVE-2023-28089

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...

7AI score0.0017EPSS
Exploits0References1
Rows per page
Query Builder