972 matches found
Design/Logic Flaw
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter...
CVE-2013-3367
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg24Mhw3...
CVE-2019-16344
A cross-site scripting (XSS) vulnerability in the login form /ScadaBR/login.htm in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter...
Kirona-DRS 5.5.3.5 Information Disclosure
Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be other versions. Tested On...
VulnCheck KEV: CVE-2017-18377
An issue was discovered on Wireless IP Camera P2P WIFICAM cameras. There is Command Injection in the setftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a setftp.cgi?svr=192.168.1.1&port=21&user=ftp URI...
CVE-2019-8928
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName...
CVE-2018-20218
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...
CVE-2019-7567
An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter...
TerraMaster TOS System Command Injection Vulnerability (CNVD-2019-00665)
TerraMaster TOS is a Linux-based operating system for storage servers developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A system command injection vulnerability exists in the ajaxdata.php endpoint in...
E-Sic Authentication Bypass Vulnerability
E-Sic is a Brazilian electronic system for citizen information. An authentication bypass vulnerability exists in the /index aka login URI in E-Sic version 1.0. An attacker can exploit this vulnerability to bypass authentication and gain access to the panel with the 'username' and 'password'...
CVE-2014-9563
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via th...
Tenda AC15 Router Remote Code Execution Vulnerability
Tenda AC15 is a wireless router product from Tenda, a Chinese company. A remote code execution vulnerability exists on the Tenda AC15 V15.03.1.16multi device, which can be exploited by an unauthenticated, remote attacker to perform remote code execution on the device using the COOKIE password...
Remote code execution
An issue was discovered on Tenda AC15 V15.03.1.16multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header...
CVE-2017-11679
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...
HazirSite SQL Injection Vulnerability
HazirSite girisyap.asp suffers from a SQL injection vulnerability that allows remote attackers to bypass authentication via the (1) ka class or (2) sifre parameter...
Cross-Site Request Forgery Vulnerability in Multiple Arris Devices
Arris DG860A, TG862A, TG862G devices are modem products from the Arris Group of Companies. A cross-site request forgery vulnerability exists in the 'advpwdcgi' parameter in the web management interface of multiple Arris devices. A remote attacker could exploit this vulnerability to perform...