167 matches found
CVE-2023-53770
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...
EUVD-2023-60177
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...
CVE-2020-36871
ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include...
EUVD-2020-30822
ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may...
CVE-2020-36873 Astak CM-818T3 Unauthenticated Configuration Disclosure
Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorizatio...
CVE-2020-36874 ACE SECURITY WIP-90113 Unauthenticated Configuration Disclosure
ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may...
PT-2025-48194
Name of the Vulnerable Software and Affected Versions Astak CM-818T3 2.4GHz wireless security surveillance cameras affected versions not specified Description The cameras have an unauthenticated configuration disclosure issue in the /web/cgi-bin/hi3510/backup.cgi endpoint. This endpoint allows...
CVE-2025-13161
IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
PT-2025-46939
Name of the Vulnerable Software and Affected Versions IQ-Support affected versions not specified Description IQ-Support, developed by IQ Service International, has an Arbitrary File Read issue. Unauthenticated remote attackers can exploit Relative Path Traversal to download arbitrary system files...
D-Link DIR-852 HNAP1 File Command Injection Vulnerability
D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...
D-Link DIR-852 命令注入漏洞
D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...
EUVD-2020-4785
Malware in sbrugna...
EUVD-2017-18242
Malware in sbrugna...
EUVD-2011-4705
Malware in sbrugna...
EUVD-2025-24550
Malicious code in bioql PyPI...
EUVD-2022-38945
Malicious code in bioql PyPI...
EUVD-2023-46398
Malicious code in bioql PyPI...
EUVD-2023-36975
Malicious code in bioql PyPI...
EUVD-2022-36061
Malicious code in bioql PyPI...
CVE-2025-10767
CosmodiumCS OnlyRAT (versions prior to 3.3, affected up to 3.2 per some citations) contains an OS command injection in the Configuration File Handler’s main.py, specifically in the connect/remote_upload/remote_download function where manipulation of configuration["PASSWORD"] can be exploited. Att...