Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection

Wireless Multiplex Terminal Playout Server =20.2.8 has a default account with a password of pokon available via its web administrative interface. id: CVE-2020-35338 info: name: Wireless Multiplex Terminal Playout Server =20.2.8 - Default Credential Detection author: Jeya Seelan severity: critical...

Virtua Software Cobranca <12R - Blind SQL Injection

Virtua Cobranca before 12R allows blind SQL injection on the login page. id: CVE-2021-37589 info: name: Virtua Software Cobranca 12R - Blind SQL Injection author: princechaddha severity: high description: | Virtua Cobranca before 12R allows blind SQL injection on the login page. impact: |...

Intelbras WIN 300/WRN 342 - Credentials Disclosure

Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code. id: CVE-2021-3017 info: name: Intelbras WIN 300/WRN 342 - Credentials Disclosure author: pikpikcu severity: high description:...

Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. id: CVE-2021-24215...

Intel Neural Compressor <2.5.0 - SQL Injection

Improper input validation in some IntelR Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. id: CVE-2024-22476 info: name: Intel Neural Compressor 2.5.0 - SQL Injection author: ritikchaddha severity:...

SolarView Compact 6.00 - Local File Inclusion

SolarView Compact 6.00 is vulnerable to local file inclusion which could allow attackers to access sensitive files. id: CVE-2022-29298 info: name: SolarView Compact 6.00 - Local File Inclusion author: ritikchaddha severity: high description: SolarView Compact 6.00 is vulnerable to local file...

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteteam. id: CVE-2022-31977 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to SQ...

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. id: CVE-2022-31974 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injectio...

Apache Superset <=1.3.2 - Default Login

Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-44451 info:...

TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass

TOTOLINK EX1200T 4.1.2cu.5215 is susceptible to authentication bypass. An attacker can bypass login by sending a specific request through formLoginAuth.htm, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-42887 info:...

PowerJob <=4.3.2 - Unauthenticated Access

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...

DomPHP 0.83 - Directory Traversal

A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. dot dot in the url parameter to photoalbum/index.php. id: CVE-2014-10037 info: name: DomPHP 0.83 - Directory Traversal author: daffainfo severity: high description: A...

Sony IPELA Engine IP Camera - Hardcoded Account

Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials. id: CVE-2016-7834 info: name: Sony IPELA Engine IP Camera - Hardcoded Account author: af001 severity: high description: | Multiple SONY network cameras are vulnerable to sensitive informati...

WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution

WordPress themes including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4, Transcend = 1.1.8, Affluent = 1.1.0, Bonkers = 1.0.4, Antreas = 1.0.2, Sparkli...

Dahua Security - Configuration File Disclosure

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and...

Arcserve Unified Data Protection - Authentication Bypass

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...

Triofox - Improper Access Control

The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.595.65696 allow unauthenticated access to the /management/admindatabase.aspx endpoint, exposing sensitive database management functionality to anyone with network access. An unauthenticated attacker can remotely...

Old Age Home Management System v1.0 - SQL Injection

Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. id: CVE-2023-33338 info: name: Old Age Home Management System v1.0 - SQL Injection author: Harsh severity: critical description: | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username...

WP Projects Portfolio <= 3.0 - Cross-Site Scripting

WP Projects Portfolio with Client Testimonials WordPress plugin = 3.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13114...

WordPress 3D FlipBook <= 1.16.17 - Information Disclosure

WordPress 3D FlipBook - PDF Flipbook Viewer, Flipbook Image Gallery plugin versions = 1.16.17 contain a missing authorization vulnerability in multiple AJAX endpoints. The fb3dsendpostsin, fb3dsendpostpages, fb3dsendpostsinpages, fb3dsendpostsinfirstpage, and fb3dsendpostfirstpage handlers are...