Lucene search
K

136 matches found

Exploit DB
Exploit DB
added 2021/10/08 12:0 a.m.249 views

Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation

Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software...

7.4AI score
Exploits0
Gitee
Gitee
added 2021/09/27 2:39 p.m.5 views

Exploit for CVE-2013-6026

PoC exploit for CVE-2013-6026 Joel's Backdoor in D-Link routers. The target product/service is D-Link routers, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the administration panel of the router, which can be accessed without authentication due to t...

10CVSS7.8AI score0.0768EPSS
Exploits4
CNNVD
CNNVD
added 2021/06/22 12:0 a.m.6 views

VMware Carbon Black App Control 授权问题漏洞

Vmware VMware Carbon Black App Control is an application control product from Vmware USA. It is used to lock down servers and critical systems to prevent unwanted changes. An authorization issue vulnerability exists in VMware Carbon Black App Control 8.0, 8.1, 8.5 before 8.5.8, and 8.6 before...

9.8CVSS8.6AI score0.10619EPSS
Exploits0References2
CNVD
CNVD
added 2019/12/11 12:0 a.m.4 views

Siemens SPPA-T3000 Application Server Improper Authentication Vulnerability (CNVD-2019-45416)

SPPA-T3000 is a distributed control system mainly used in thermal power plants and large-scale renewable energy power plants.Application Server is the application server in it, which provides the main system services including access control, distribution of data to thin clients and archiving. A...

9.8CVSS6.9AI score0.02028EPSS
Exploits0References1
NVD
NVD
added 2019/09/25 7:15 p.m.28 views

CVE-2019-12204

In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access...

9.8CVSS9.4AI score0.0146EPSS
Exploits0References3
Friends Of PHP
Friends Of PHP
added 2019/09/24 5:1 p.m.23 views

CVE-2019-12204: Missing warning on install.php on public webroot can lead to unauthenticated admin access

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12204/...

9.8CVSS7.2AI score0.0146EPSS
Exploits0Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.22 views

Cross site scripting

Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser...

4.3CVSS6.2AI score0.01068EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/05/04 12:0 a.m.2 views

Meross MSS110 Unauthenticated Admin .HTM Management Interface Vulnerability

Meross MSS110 is a smart WiFi socket device from China's Forari Meross Technology. A security vulnerability exists in Meross MSS110 version 1.1.24 and earlier. An attacker can exploit this vulnerability to cause a denial of service or obtain information...

9.8CVSS6.8AI score0.01223EPSS
Exploits1References1
OSV
OSV
added 2018/03/29 1:29 p.m.5 views

CVE-2018-4841

A vulnerability has been identified in TIM 1531 IRC All versions V1.1. A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read...

9.8CVSS5.8AI score0.04932EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2017/07/27 12:0 a.m.24 views

Friends In War Make Or Break 1.7 Password Change

Friends in War Make or Break 1.7 - Unauthenticated admin password change Url: http://software.friendsinwar.com/ http://software.friendsinwar.com/downloads.php?catid=2&fileid=9 Author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.altervista.org/...

Exploits0
Prion
Prion
added 2017/04/16 2:59 p.m.19 views

Design/Logic Flaw

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirmhash value to verify.php...

6.5CVSS8.8AI score0.90856EPSS
Exploits10References6Affected Software1
OSV
OSV
added 2017/04/16 2:59 p.m.14 views

CVE-2017-7615

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirmhash value to verify.php...

8.8CVSS7.1AI score
Exploits0References6
CVE
CVE
added 2017/04/16 2:45 p.m.148 views

CVE-2017-7615

CVE-2017-7615 affects MantisBT up to version 2.30 (e.g., 2.3.0/2.3.1). The vulnerability is in verify.php where an empty confirm_hash enables pre-auth remote password reset and unauthenticated admin access, allowing unauthorized password changes and admin access. Public exploit references exist (...

8.8CVSS8.7AI score0.90856EPSS
Exploits10References6Affected Software1
Positive Technologies
Positive Technologies
added 2017/04/16 12:0 a.m.5 views

PT-2017-17844 · Mantisbt · Mantisbt

Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.3.1 Description: The issue allows for arbitrary password reset and unauthenticated admin access. This is achieved by providing an empty confirm hash value to the "verify.php" endpoint. Recommendations: For version...

8.8CVSS8.8AI score0.90856EPSS
Exploits10References13
OpenVAS
OpenVAS
added 2017/02/07 12:0 a.m.19 views

Teleopti WFM <= 7.1.0 Multiple Vulnerabilities

Teleopti WFM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:teleopit:wfm"; if description...

9.8CVSS7AI score0.00996EPSS
Exploits3References1
exploitpack
exploitpack
added 2016/08/05 12:0 a.m.32 views

Davolink DV-2051 - Multiple Vulnerabilities

Davolink DV-2051 - Multiple Vulnerabilities =================================================================== Title: Unauthenticated admin password change Product: Davolink modem Tested model: DV-2051 Vulnerability Type: Missing Function Level Access Control CWE-306 Risk Level: High Solution...

0.1AI score
Exploits0
Rows per page
Query Builder