9 matches found
CVE-2020-36896
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...
CVE-2020-36896 QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...
Intelbras ICIP 安全漏洞
Intelbras ICIP is an interface extension board from Intelbras, Brazil. A security vulnerability exists in Intelbras ICIP version 2.0.20, which stems from incorrect manipulation of the parameter NomeUsuario/SenhaAcess in the file /xml/sistema/acessodeusuario.xml, which could lead to improper stora...
EUVD-2025-4265
Malicious code in bioql PyPI...
CVE-2024-56525
In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...
CVE-2024-56525
In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...
CVE-2021-45877
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exist in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manger page...
GARO Wallbox GLB/GTB/GTC 信任管理问题漏洞
The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that originates from the presence of a hard-coded credential in /etc/tomcat8/tomcat-user.xml. An attacker can use this vulnerability to gain...
HP Operations Manager 8.10 后门账号漏洞
BUGTRAQ ID: 37086 CVE ID: CVE-2009-3843 HP Operations Manager是用于协调IT基础架构中网络、最终用户体验事件的综合事件和性能管理控制台。 HP Operations Manager的Tomcat用户XML文件中存在隐藏的账号,恶意用户可以使用这个账号访问org.apache.catalina.manager.HTMLManagerServlet类,而这个servlet允许远程用户通过POST请求向/manager/html/upload上传文件。如果攻击者上传了恶意内容,之后就可以在服务器上访问并以SYSTEM用户权限执行任意代...