482 matches found
Interspire Email Marketer 6.1.6 - Remote Admin Authentication Bypass
Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass. Google Dork: intitle:"Control Panel" + emailmarketer. Date: 4-22-18. Exploit Author: devcoinfet. Vendor Homepage: www.interspire.com/emailmarketer...
CVE-2017-2871
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery...
CVE-2018-6000
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon or enable infosvr command mode,...
FiberHome LM53Q1 - Multiple Vulnerabilities
PT-2017-15701 · D Link · D-Link Dir-330 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-130 version 1.23; D-Link DIR-330 version 1.12. Description: The issue allows a remote attacker to bypass authentication on the remote login page. By manipulating the POST request, an attacker can access administrator-only pages, such...
Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware
There are multiple vulnerabilities in Intel Management Engine (ME) firmware. Some Huawei devices are affected because they use related Intel products. Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system t...
A vulnerability in the firmware of the iBaby M3S wireless video camera, caused by the presence of a pre-installed account, allows an intruder to gain access to the device with administrator rights.
The vulnerability in the firmware of the iBaby M3S wireless video camera is related to the presence of a pre-set administrator account “admin”. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the device with administrator privileges via...
A vulnerability in the firmware of the Siklu EtherHaul radio relay station, related to the use of pre-installed account data, allows an intruder to gain access to the embedded operating system with administrator privileges.
The vulnerability in the firmware of the Siklu EtherHaul radio relay station is related to the use of a pre-installed root account. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to the embedded operating system with administrator...
Salutation Responsive WordPress + BuddyPress Theme Cross-Site Scripting Vulnerability
Salutation Responsive WordPress + BuddyPress Theme is a responsive WordPress theme used in WordPress. A cross-site scripting vulnerability exists in Salutation Responsive WordPress+BuddyPress Theme version 3.0.15. A remote attacker can exploit this vulnerability to perform administrator actions...
CVE-2017-5712
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege...
Siemens 7KT PAC1200 Data Manager Authentication Bypass Vulnerability
The 7KT PAC1200 data manager 7KT1260 from the SENTRON portfolio is a fully integrated smart meter with a Web interface. An authentication bypass vulnerability exists in the 7KT PAC1200 data manager from the SENTRON portfolio, which could allow a remote attacker to bypass the authentication...
CVE-2017-12822
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...
CVE-2017-10845
Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account...
Backdoor Vulnerability in NTT DOCOMO Wi-Fi STATION L-02F Software
NTT DOCOMO Wi-Fi STATION L-02F Software is a set of software used in the L-02F router from NTT DOCOMO Japan. A security vulnerability exists in NTT DOCOMO Wi-Fi STATION L-02F Software V10g and earlier versions. A remote attacker with a backdoor account could exploit the vulnerability to gain acce...
Backdoor access issue in Wi-Fi STATION L-02F
Overview: Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue. Keisuke Shikano, Information Security Analyst, Cyber Metrics Line, Global Coordination Division, Japan Computer Emergency Response Team Coordination Center, reported this vulnerability to IPA. JPCERT/CC...
D-Link DIR Elevation of Privilege Vulnerability
D-Link DIR-615 is a small wireless router product from AUO D-Link. A security vulnerability exists in D-Link DIR-615 versions prior to 20.12PTb04. A remote attacker can exploit this vulnerability to gain access to the administrator account with the help of a TELNET connection...
CVE-2017-5965
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload...
Design/Logic Flaw
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors...
CVE-2016-1560
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session...