281 matches found
CVE-2017-7737
CVE-2017-7737 affects Fortinet FortiWeb 5.8.2 and earlier. The issue is an information disclosure where a logged-in admin can view the SNMPv3 user password in cleartext via the web UI HTML source code. The root cause is exposure of sensitive password data in the HTML, enabling disclosure without ...
Information Disclosure
Moodle is vulnerable to information disclosure attacks. Authenticated users can leverage a flaw in mod/lesson/pagetypes/matching.php to obtain question answers through ID values by reading the HTML source code...
This Retail Website Considers Password Security Optional
Most gaping security holes are terrible mistakes. But for one major Hong Kong-based online retailer called Strawberrynet, its security shortcomings are a feature. Like many ecommerce sites, registered users have an option for express checkout. What makes beauty-products website Strawberrynet uniq...
Default credentials
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response...
CVE-2017-9557
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response...
CVE-2017-9557
CVE-2017-9557 affects EFS Software Easy Chat Server (versions 2.0–3.1). The issue allows remote attackers to obtain user passwords by sending a crafted request containing the username parameter together with an empty password parameter, then reading the HTML source of the response. This is an info...
Authentication flaw
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...
CVE-2017-6558
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...
WSO2 Carbon 4.4.5 - Persistent Cross-Site Scripting
Exploit for jsp platform in category web applications. Credits: John Page aka HYP3RLINX. Vendor: www.wso2.com. Product: WSO2 Carbon v4.4.5. WSO2 Carbon is the core platform on which WSO2 middleware products are built. It is based on Java OSGi technology, which allows...
A vulnerability in the Firefox browser that allows a remote attacker to execute arbitrary code or cause a denial of service.
The vulnerability in the Firefox browser lies in the function HTMLSourceElement::AfterSetAttr. It involves insufficient restrictions on the original data type of the calculated value when setting attributes for the SOURCE element. Exploiting this vulnerability allows a malicious actor to...
IBM Lotus Domino R8 - Password Hash Extraction
Exploit Title: IBM Lotus Domino = R8 Password Hash Extraction Exploit; Google Dork: inurl:names.nsf?opendatabase; Date: 02-24-2016; Exploit Author: Jonathan Broche; Contact: https://twitter.com/g0jhonny; Vendor Homepage: https://www-01.ibm.com/software/lotus/category/messaging/; Tested on: Lotus Domino...
Code injection
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703...
CVE-2015-7248
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703...
CVE-2015-7248
CVE-2015-7248 affects ZTE ZXHN H108N R1A and ZXV10 W300 routers. The vulnerability enables information exposure by allowing remote attackers to read the cgi-bin/webproc HTML source and obtain usernames and password hashes. This is a separate issue from CVE-2015-8703. Public sources in the connect...
CVE-2015-6474
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code...
Code injection
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code...
CVE-2015-6474
The CVE-2015-6474 entry concerns IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ where an attacker can discover cleartext passwords by viewing the HTML source of web pages. Affected products are web-based SCADA systems; the root cause is improper handling/storage of credentials leading to exposur...
CVE-2015-4214
Cisco Unified MeetingPlace 8.61.2 and 8.61.9 allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050...