Lucene search

9 matches found

NVD
added 2025/12/10 9:16 p.m., 11 views

CVE-2020-36896

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

CVSS: 8.7, EPSS: 0.00765
Exploits: 1, References: 4
Cvelist
added 2025/12/10 8:55 p.m., 18 views

CVE-2020-36896 QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

CVSS: 8.7, EPSS: 0.00765
Exploits: 1, References: 4
CNNVD
added 2025/11/14 12:0 a.m., 3 views

Intelbras ICIP Security Vulnerability

Intelbras ICIP is an interface extension board from Intelbras, Brazil. A security vulnerability exists in Intelbras ICIP version 2.0.20, which stems from incorrect manipulation of the parameter NomeUsuario/SenhaAcess in the file /xml/sistema/acessodeusuario.xml, which could lead to improper stora...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00461
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2025-4265

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00378
Exploits: 0, References: 3
Vulnrichment
added 2025/02/24 12:0 a.m., 5 views

CVE-2024-56525

In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...

AI score: 9.4, EPSS: 0.00378
Exploits: 0, References: 1
Cvelist
added 2025/02/24 12:0 a.m., 11 views

CVE-2024-56525

In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...

EPSS: 0.00378
Exploits: 0, References: 1
OSV
added 2022/03/21 11:15 a.m., 6 views

CVE-2021-45877

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manager page...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01082
Exploits: 0, References: 1
CNNVD
added 2022/03/21 12:0 a.m., 3 views

GARO Wallbox GLB/GTB/GTC Trust Management Issue Vulnerability

The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that originates from the presence of a hard-coded credential in /etc/tomcat8/tomcat-user.xml. An attacker can use this vulnerability to gain...

CVSS: 9.8, AI score: 8.4, EPSS: 0.01082
Exploits: 0, References: 2
seebug.org
added 2009/11/24 12:0 a.m., 47 views

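HP Operations Manager 8.10 Backdoor Account Vulnerability

BUGTRAQ ID: 37086 CVE ID: CVE-2009-3843 HP Operations Manager is a comprehensive event and performance management console for correlating network and end-user experience events across the IT infrastructure. A hidden account exists in the Tomcat users XML file of HP Operations Manager. A malicious user can use this account to access the org.apache.catalina.manager.HTMLManagerServlet class, and this servlet allows remote users to upload files to /manager/html/upload via POST requests. If an attacker uploads malicious content, it can then be accessed on the server and used to execute arbitrary co...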

CVSS: 10, AI score: 9.1, EPSS: 0.78968
Exploits: 12