122 matches found
PYSEC-2026-428 motionEye: Authentication possible via password hash
Summary: An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...
GHSA-R3CW-C95M-WFH9 motionEye: Authentication possible via password hash
Summary: An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...
PT-2026-51445
Name of the Vulnerable Software and Affected Versions: MotionEye (affected versions not specified). Description: An authentication bypass occurs because the application improperly trusts client-controlled cookies. The server accepts the cookies meye_username and meye_password_hash as sufficient...
EUVD-2017-15404
Malware in sbrugna...
CVE-2022-47732
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...
CVE-2022-47732
Affected software: Yeastar N412 and N824 Configuration Panel (versions 42.x–45.x). Vulnerability details: An unauthenticated attacker can create a backup file, download it, and reveal the admin hash. If the hash is cracked, the attacker can log in to the Configuration Panel; alternatively, the at...
PT-2023-15469 · Yeastar · Yeastar N412 +3
Name of the Vulnerable Software and Affected Versions: Yeastar N412 and N824 Configuration Panel versions 42.x through 45.x Description: An unauthenticated attacker can create a backup file and download it, revealing the admin hash. If the hash is cracked, it allows the attacker to log in to the...
Design/Logic Flaw
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...
Design/Logic Flaw
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint...
PT-2022-12428 · Terramaster · Terramaster F2-210 +2
Name of the Vulnerable Software and Affected Versions: Terramaster F4-210, F2-210 TOS version 4.2.X 4.2.15-2107141517 Description: The issue allows an attacker to obtain sensitive information, including the first administrator's hash, MAC address, and internal IP address, by sending a request to...
TerraMaster TOS Security Vulnerability
TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. TerraMaster TOS has a security vulnerability that can be exploited by an attacker executing a request to the /module/api.php?mobile/wapNasIPS endpoint to...
TerraMaster TOS Security Vulnerability
TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. A security vulnerability exists in TerraMaster TOS, which can be exploited by an attacker executing a request to the /module/api.php?mobile/webNasIPS...
phpAbook 0.9i - SQL Injection Vulnerability
Exploit Title: phpAbook 0.9i - SQL Injection Vendor Homepage: http://sourceforge.net/projects/phpabook/ Exploit Author: Said Cortes, Alejandro Perez Version: v0.9i This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. import requests...
MyBB 1.8.25 SQL Injection
Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL Date: 20.03.2021 Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy"...
CVE-2020-9269
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by exportical.php. Recent assessments: J3rryBl4nks at March 09, 2020 9:09pm UTC reported: This is an injection that is trivial to exploit and also to find. You can...
X (Formerly Twitter): Potential pre-auth RCE on Twitter VPN
Hi, we (Orange Tsai and Meh Chang) are the security research team from DEVCORE. Recently, we are doing a research about SSL VPN security, and found several critical vulnerabilities on Pulse Secure SSL VPN! We have reported to vendor and patches have been released on 2019/4/25. Since that, we keep...
D-Link DIR-850L REV.A and REV.B Information Disclosure Vulnerability
The D-Link DIR-850L REV.A and REV.B are both wireless router products from AUO D-Link. A security vulnerability exists in D-Link DIR-850L REV.A and REV.B devices using firmware FW114WWb07h2abbeta1 and prior versions and REV.B with firmware FW208WWb02 and prior versions. An attacker can exploit th...
CVE-2017-6343
The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the...