Lucene search
972 matches found

Prion
added 2020/03/19 6:15 p.m., 15 views

Design/Logic Flaw

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter...

CVSS: 4.3, AI score: 6, EPSS: 0.00906
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2019/11/13 9:15 p.m., 18 views

CVE-2013-3367

Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg24Mhw3...

CVSS: 10, AI score: 9.5, EPSS: 0.02699
Exploits: 0, References: 3

Cvelist
added 2019/11/13 8:43 p.m., 21 views

CVE-2013-3367

Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg24Mhw3...

AI score: 9.6, EPSS: 0.02699
Exploits: 0, References: 3

OSV
added 2019/10/14 3:15 p.m., 2 views

CVE-2019-16344

A cross-site scripting (XSS) vulnerability in the login form /ScadaBR/login.htm in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter...

CVSS: 6.1, AI score: 6.4, EPSS: 0.01036
Exploits: 1, References: 1

Packet Storm
added 2019/10/14 12:0 a.m., 262 views

Kirona-DRS 5.5.3.5 Information Disclosure

Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be other versions. Tested On...

AI score: 5.5, EPSS: 0.49236
Exploits: 6

VulnCheck KEV
added 2019/06/13 12:0 a.m., 5 views

VulnCheck KEV: CVE-2017-18377

An issue was discovered on Wireless IP Camera P2P WIFICAM cameras. There is Command Injection in the setftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a setftp.cgi?svr=192.168.1.1&port=21&user=ftp URI...

CVSS: 10, AI score: 7.3, EPSS: 0.06371
Exploits: 1, References: 1

OSV
added 2019/05/17 3:29 p.m., 5 views

CVE-2019-8928

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName...

CVSS: 6.1, AI score: 6.4, EPSS: 0.06311
Exploits: 5, References: 4

OSV
added 2019/03/21 4:0 p.m., 5 views

CVE-2018-20218

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...

CVSS: 9.8, AI score: 5.8, EPSS: 0.10735
Exploits: 5, References: 2

NVD
added 2019/03/21 4:0 p.m., 24 views

CVE-2018-20218

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...

CVSS: 10, AI score: 9.7, EPSS: 0.10735
Exploits: 5, References: 2

OSV
added 2019/02/07 7:29 a.m., 3 views

CVE-2019-7567

An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00826
Exploits: 1, References: 1

CNVD
added 2018/11/28 12:0 a.m., 1 views

TerraMaster TOS System Command Injection Vulnerability (CNVD-2019-00665)

TerraMaster TOS is a Linux-based operating system for storage servers developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A system command injection vulnerability exists in the ajaxdata.php endpoint in...

CVSS: 10, AI score: 9.8, EPSS: 0.091
Exploits: 1, References: 1

CNVD
added 2018/05/24 12:0 a.m., 2 views

E-Sic Authentication Bypass Vulnerability

E-Sic is a Brazilian electronic system for citizen information. An authentication bypass vulnerability exists in the /index aka login URI in E-Sic version 1.0. An attacker can exploit this vulnerability to bypass authentication and gain access to the panel with the 'username' and 'password'...

CVSS: 9.8, AI score: 9.7, EPSS: 0.0273
Exploits: 0, References: 1

NVD
added 2018/04/12 9:29 p.m., 14 views

CVE-2014-9563

CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via th...

CVSS: 4.9, AI score: 5.2, EPSS: 0.01201
Exploits: 0, References: 2

CNVD
added 2018/04/08 12:0 a.m., 3 views

Tenda AC15 Router Remote Code Execution Vulnerability

Tenda AC15 is a wireless router product from Tenda, a Chinese company. A remote code execution vulnerability exists on the Tenda AC15 V15.03.1.16multi device, which can be exploited by an unauthenticated, remote attacker to perform remote code execution on the device using the COOKIE password...

CVSS: 9.8, AI score: 8.5, EPSS: 0.41403
Exploits: 5, References: 1

Prion
added 2018/02/15 11:29 p.m., 25 views

Remote code execution

An issue was discovered on Tenda AC15 V15.03.1.16multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header...

CVSS: 7.5, AI score: 9.9, EPSS: 0.41403
Exploits: 5, References: 2, Affected Software: 1

OSV
added 2017/07/27 6:29 a.m., 4 views

CVE-2017-11679

Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00683
Exploits: 1, References: 2

Prion
added 2017/07/27 6:29 a.m., 13 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...

CVSS: 6.8, AI score: 8.8, EPSS: 0.00683
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2017/07/27 6:29 a.m., 18 views

CVE-2017-11679

Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...

CVSS: 8.8, AI score: 8.9, EPSS: 0.00683
Exploits: 1, References: 2

CNVD
added 2017/02/27 12:0 a.m., 5 views

HazirSite SQL Injection Vulnerability

HazirSite girisyap.asp suffers from a SQL injection vulnerability that allows remote attackers to bypass authentication via the (1) ka class or (2) sifre parameter...

CVSS: 5, AI score: 8.3, EPSS: 0.03351
Exploits: 1, References: 1

CNVD
added 2015/11/26 12:0 a.m., 4 views

Cross-Site Request Forgery Vulnerability in Multiple Arris Devices

Arris DG860A, TG862A, TG862G devices are modem products from the Arris Group of Companies. A cross-site request forgery vulnerability exists in the 'advpwdcgi' parameter in the web management interface of multiple Arris devices. A remote attacker could exploit this vulnerability to perform...

CVSS: 6.8, AI score: 7, EPSS: 0.00952
Exploits: 0, References: 1