136 matches found
Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation
Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software...
Exploit for CVE-2013-6026
PoC exploit for CVE-2013-6026 Joel's Backdoor in D-Link routers. The target product/service is D-Link routers, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the administration panel of the router, which can be accessed without authentication due to t...
VMware Carbon Black App Control 授权问题漏洞
Vmware VMware Carbon Black App Control is an application control product from Vmware USA. It is used to lock down servers and critical systems to prevent unwanted changes. An authorization issue vulnerability exists in VMware Carbon Black App Control 8.0, 8.1, 8.5 before 8.5.8, and 8.6 before...
Siemens SPPA-T3000 Application Server Improper Authentication Vulnerability (CNVD-2019-45416)
SPPA-T3000 is a distributed control system mainly used in thermal power plants and large-scale renewable energy power plants.Application Server is the application server in it, which provides the main system services including access control, distribution of data to thin clients and archiving. A...
CVE-2019-12204
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access...
CVE-2019-12204: Missing warning on install.php on public webroot can lead to unauthenticated admin access
More info at https://www.silverstripe.org/download/security-releases/cve-2019-12204/...
Cross site scripting
Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser...
Meross MSS110 Unauthenticated Admin .HTM Management Interface Vulnerability
Meross MSS110 is a smart WiFi socket device from China's Forari Meross Technology. A security vulnerability exists in Meross MSS110 version 1.1.24 and earlier. An attacker can exploit this vulnerability to cause a denial of service or obtain information...
CVE-2018-4841
A vulnerability has been identified in TIM 1531 IRC All versions V1.1. A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read...
Friends In War Make Or Break 1.7 Password Change
Friends in War Make or Break 1.7 - Unauthenticated admin password change Url: http://software.friendsinwar.com/ http://software.friendsinwar.com/downloads.php?catid=2&fileid=9 Author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.altervista.org/...
Design/Logic Flaw
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirmhash value to verify.php...
CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirmhash value to verify.php...
CVE-2017-7615
CVE-2017-7615 affects MantisBT up to version 2.30 (e.g., 2.3.0/2.3.1). The vulnerability is in verify.php where an empty confirm_hash enables pre-auth remote password reset and unauthenticated admin access, allowing unauthorized password changes and admin access. Public exploit references exist (...
PT-2017-17844 · Mantisbt · Mantisbt
Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.3.1 Description: The issue allows for arbitrary password reset and unauthenticated admin access. This is achieved by providing an empty confirm hash value to the "verify.php" endpoint. Recommendations: For version...
Teleopti WFM <= 7.1.0 Multiple Vulnerabilities
Teleopti WFM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:teleopit:wfm"; if description...
Davolink DV-2051 - Multiple Vulnerabilities
Davolink DV-2051 - Multiple Vulnerabilities =================================================================== Title: Unauthenticated admin password change Product: Davolink modem Tested model: DV-2051 Vulnerability Type: Missing Function Level Access Control CWE-306 Risk Level: High Solution...