18 matches found
Design/Logic Flaw
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11...
Design/Logic Flaw
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11...
Design/Logic Flaw
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50...
CVE-2017-18845
CVE-2017-18845 affects NETGEAR R6700v2 and R6800 routers; prior to version 1.1.0.38, admin credentials can be disclosed. Exploitation details are not provided in the documents, but CVSS metrics indicate high impact (CVSSv3.1/7.8; Confidentiality, Integrity, Availability HIGH). Remediation: upgrad...
CVE-2017-18845
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38...
CVE-2018-10516
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory...
D-Link 850L Firmware B1 Admin Password Disclosure Vulnerability - Active Check
D-Link 850L Firmware B1 is vulnerable to an admin password disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Nextcloud: Disclosure of administrators via JSON on nextcloud.com Wordpress
@rbcafe reported the following issue, since it contains references to internal data we've decided to disclose this issue only limitedly. ------- Greetings, Description : ---------------- Since the update of the website to wordpress 4.7 the JSON discloses administrators : POC : ----------------...
blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo blur6ex = 0.3.462 'ID' blind SQL injection / admin credentials disclosure\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: \powered by blur6ex\r\n\r\n; / works...
Kamads classifieds V2 admin Disclosure / AuthBypass exploit
Exploit for php platform in category web applications \n"; print "\nex...........: php $argv0 http://www.target.com/V2AXHTML/admin/admin.php\n"; die; else $ch = curlinit; curlsetopt$ch,CURLOPTURL,"$argv1"; $op1 = curlsetopt$ch,CURLOPTRETURNTRANSFER,true; curlsetopt$ch,CURLOPTUSERAGENT,"Mozilla/4....
R2 Newsletter Store Admin Disclosure
R2 Newsletter Store admin.mdb Remote Admin Disclosure Vulnerability. Founder: TiGeR-Dz...
R2 NewsLetter LiteProStats - admin.mdb Database Disclosure
R2 NewsLetter LiteProStats - admin.mdb Database Disclosure. R2 Newsletter Store admin.mdb Remote Admin Disclosure Vulnerability...
Flexphplink Pro - Arbitrary File Upload
Flexphplink Pro - Arbitrary File Upload !/usr/bin/perl HAPPY CHRISTMAS !! Flexphplink Pro http://www.hotscripts.com/jump.php?listingid=21062&jumptype=1 Bug: Arbitrary File Upload I coded this exploit just for fun ; Exploit coded by Osirys osirysatlivedotit http://osirys.org Greets: x0r, miclen,...
Triton CMS Pro 1.06 - x-forwarded-for Blind SQL Injection
Triton CMS Pro 1.06 - x-forwarded-for Blind SQL Injection !/usr/bin/perl -w Triton CMS Pro X-Forwarded-For Blind SQL Injection Admin's username/hash disclosure exploit Benchmark method, so take a coffee and relax Coded by GiReX use LWP::UserAgent; use HTTP::Request; ifnot defined $ARGV0 print...
Php-Stats <= 0.1.9.1b (ip) Remote SQL Injection Exploit
No description provided by source. ?php printr' --------------------------------------------------------------------------- Php-Stats = 0.1.9.1b "ip" urldecode/ ereg / sql injection / cleat text admin pass disclosure exploit method ii by rgod mail: retrog at alice dot it site:...
blur6ex 0.3.462 - 'ID' Admin Disclosure / Blind SQL Injection
!/usr/bin/php -q -d shortopentag=on ? echo "blur6ex = 0.3.462 'ID' blind SQL injection / admin credentials disclosure\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: "powered by blur6ex"\r\n\r\n"; / works regardless of php.ini settings /...
blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "blur6ex = 0.3.462 'ID' blind SQL injection / admin credentials disclosure\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: "powered by blur6ex"\r\n\r\n"; / works...
blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit
Exploit for unknown platform in category web applications. blur6ex = 0.3.462 ID Admin Disclosure / Blind SQL Injection Exploit. !/usr/bin/php -q -d...