Lucene search
K

55 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-33094

Malicious code in bioql PyPI...

8.1CVSS8AI score0.06693EPSS
Exploits4References4
0day.today
0day.today
added 2022/04/11 12:0 a.m.242 views

SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference Vulnerability

Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept ============ Normal us...

8.1CVSS8.2AI score0.06693EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/11 12:0 a.m.349 views

SAM SUNNY TRIPOWER 5.0 Insecure Direct Object Reference

Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept...

8.2AI score0.06693EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/04/11 12:0 a.m.359 views

SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)

Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept...

8.1CVSS8.2AI score0.06693EPSS
Exploits4
OSV
OSV
added 2022/04/07 11:15 a.m.6 views

CVE-2021-46416

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...

8.1CVSS7.2AI score0.06693EPSS
Exploits4References3
NVD
NVD
added 2022/04/07 11:15 a.m.20 views

CVE-2021-46416

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...

8.1CVSS0.06693EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2022/04/07 11:15 a.m.5 views

CVE-2021-46416

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...

8.1CVSS7.4AI score0.06693EPSS
Exploits4References4
Cvelist
Cvelist
added 2022/04/07 10:45 a.m.32 views

CVE-2021-46416

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...

8.2AI score0.06693EPSS
Exploits4References3
CVE
CVE
added 2022/04/07 10:45 a.m.81 views

CVE-2021-46416

CVE-2021-46416 concerns the SUNNY TRIPOWER 5.0 firmware (version 3.10.16.R). The vulnerability arises from insecure cookie handling that enables an insecure direct object reference, allowing an unauthorized user group to access restricted functionality. The issue is described in the CVE entry as ...

8.1CVSS7.9AI score0.06693EPSS
Exploits4References3Affected Software1
CNNVD
CNNVD
added 2022/04/07 12:0 a.m.3 views

SMA Solar Technology SUNNY TRIPOWER 安全漏洞

The SMA Solar Technology SUNNY TRIPOWER is a solar inverter from SMA Solar Technology, Germany. A security vulnerability exists in SMA Solar Technology SUNNY TRIPOWER 5.0, which stems from an insecure direct object reference that could lead to unauthorized user group access due to insecure cookie...

8.1CVSS7.7AI score0.06693EPSS
Exploits4References7
Prion
Prion
added 2017/08/05 5:29 p.m.19 views

Information disclosure

DISPUTED An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking...

5CVSS6.7AI score0.01724EPSS
Exploits0References3
Prion
Prion
added 2017/08/05 5:29 p.m.20 views

Authentication flaw

DISPUTED An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate...

9CVSS7.1AI score0.01408EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.20 views

CVE-2017-9861

An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the...

9.8CVSS9.6AI score0.01408EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.20 views

CVE-2017-9857

An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be...

8.1CVSS8.2AI score0.00689EPSS
Exploits0References3
Prion
Prion
added 2017/08/05 5:29 p.m.15 views

Default credentials

DISPUTED An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline cracker...

5CVSS7.2AI score0.01127EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.23 views

CVE-2017-9851

An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...

7.5CVSS7.6AI score0.01865EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.27 views

CVE-2017-9862

An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An...

7.5CVSS7.4AI score0.01724EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.19 views

CVE-2017-9854

An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that...

9.8CVSS9.4AI score0.01127EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.16 views

CVE-2017-9853

An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of...

9.8CVSS9.5AI score0.01716EPSS
Exploits0References3
Prion
Prion
added 2017/08/05 5:29 p.m.15 views

Authentication flaw

DISPUTED An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the...

7.5CVSS7.3AI score0.01583EPSS
Exploits0References3
Rows per page
Query Builder