
122 matches found

OSV
added 3 days ago · 4 views

PYSEC-2026-428 motionEye: Authentication possible via password hash

Summary: An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...

9.1 CVSS · 6 AI score
Exploits 0 · References 5
OSV
added 2026/06/22 8:59 p.m. · 3 views

GHSA-R3CW-C95M-WFH9 motionEye: Authentication possible via password hash

Summary: An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...

9.1 CVSS · 6 AI score
Exploits 0 · References 2
Positive Technologies
added 2026/06/22 12:0 a.m. · 6 views

PT-2026-51445

Name of the Vulnerable Software and Affected Versions: MotionEye affected versions not specified Description: An authentication bypass occurs because the application improperly trusts client-controlled cookies. The server accepts the cookies meye username and meye password hash as sufficient...

9.1 CVSS · 5.8 AI score
Exploits 0 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 8 views

EUVD-2017-15404

Malware in sbrugna...

9.3 CVSS · 8.2 AI score · 0.60349 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 12:19 a.m. · 13 views

CVE-2022-47732

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...

7.5 CVSS · 7.2 AI score · 0.00544 EPSS
Exploits 1 · References 1
NVD
added 2023/01/20 5:15 p.m. · 16 views

CVE-2022-47732

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...

7.5 CVSS · 7.7 AI score · 0.00544 EPSS
Exploits 1 · References 2
Cvelist
added 2023/01/20 12:0 a.m. · 24 views

CVE-2022-47732

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...

7.8 AI score · 0.00544 EPSS
Exploits 1 · References 2
CVE
added 2023/01/20 12:0 a.m. · 58 views

CVE-2022-47732

Affected software: Yeastar N412 and N824 Configuration Panel (versions 42.x–45.x). Vulnerability details: An unauthenticated attacker can create a backup file, download it, and reveal the admin hash. If the hash is cracked, the attacker can log in to the Configuration Panel; alternatively, the at...

7.5 CVSS · 7.6 AI score · 0.00544 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/01/20 12:0 a.m. · 5 views

PT-2023-15469 · Yeastar · Yeastar N412 +3

Name of the Vulnerable Software and Affected Versions: Yeastar N412 and N824 Configuration Panel versions 42.x through 45.x Description: An unauthenticated attacker can create a backup file and download it, revealing the admin hash. If the hash is cracked, it allows the attacker to log in to the...

7.5 CVSS · 7.6 AI score · 0.00544 EPSS
Exploits 1 · References 4
Prion
added 2022/04/25 11:15 a.m. · 29 views

Design/Logic Flaw

It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...

4 CVSS · 7.7 AI score · 0.09445 EPSS
Exploits 4 · References 2 · Affected Software 1
Prion
added 2022/04/25 11:15 a.m. · 23 views

Design/Logic Flaw

It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint...

5 CVSS · 7.3 AI score · 0.02313 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2022/04/25 12:0 a.m. · 4 views

PT-2022-12428 · Terramaster · Terramaster F2-210 +2

Name of the Vulnerable Software and Affected Versions: Terramaster F4-210, F2-210 TOS version 4.2.X 4.2.15-2107141517 Description: The issue allows an attacker to obtain sensitive information, including the first administrator's hash, MAC address, and internal IP address, by sending a request to...

6.5 CVSS · 7.8 AI score · 0.09445 EPSS
Exploits 4 · References 4
CNNVD
added 2022/04/25 12:0 a.m. · 4 views

TerraMaster TOS Security Vulnerability

TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. TerraMaster TOS has a security vulnerability that can be exploited by an attacker executing a request to the /module/api.php?mobile/wapNasIPS endpoint to...

7.5 CVSS · 7.4 AI score · 0.02313 EPSS
Exploits 1 · References 3
CNNVD
added 2022/04/25 12:0 a.m. · 5 views

TerraMaster TOS Security Vulnerability

TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. A security vulnerability exists in TerraMaster TOS, which can be exploited by an attacker executing a request to the /module/api.php?mobile/webNasIPS...

6.5 CVSS · 7.1 AI score · 0.09445 EPSS
Exploits 4 · References 5
0day.today
added 2021/06/30 12:0 a.m. · 54 views

phpAbook 0.9i - SQL Injection Vulnerability

Exploit Title: phpAbook 0.9i - SQL Injection Vendor Homepage: http://sourceforge.net/projects/phpabook/ Exploit Author: Said Cortes, Alejandro Perez Version: v0.9i This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. import requests...

0.4 AI score
Exploits 0
Packet Storm
added 2021/03/23 12:0 a.m. · 322 views

MyBB 1.8.25 SQL Injection

Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL Date: 20.03.2021 Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy"...

6.5 CVSS · 0.1 AI score · 0.05072 EPSS
Exploits 12
ATTACKERKB
added 2020/02/18 12:0 a.m. · 21 views

CVE-2020-9269

SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by exportical.php. Recent assessments: J3rryBl4nks at March 09, 2020 9:09pm UTC reported: This is an injection that is trivial to exploit and also to find. You can...

9 CVSS · 1.6 AI score · 0.02413 EPSS
Exploits 1 · References 2
Hacker One
added 2019/05/28 7:53 a.m. · 340 views

X (Formerly Twitter): Potential pre-auth RCE on Twitter VPN

Hi, we (Orange Tsai and Meh Chang) are the security research team from DEVCORE. Recently, we are doing a research about SSL VPN security, and found several critical vulnerabilities on Pulse Secure SSL VPN! We have reported to vendor and patches have been released on 2019/4/25. Since that, we keep...

7.5 CVSS · 9 AI score · 0.99999 EPSS
Exploits 38
CNVD
added 2017/09/14 12:0 a.m. · 4 views

D-Link DIR-850L REV.A and REV.B Information Disclosure Vulnerability

The D-Link DIR-850L REV.A and REV.B are both wireless router products from AUO D-Link. A security vulnerability exists in D-Link DIR-850L REV.A and REV.B devices using firmware FW114WWb07h2abbeta1 and prior versions and REV.B with firmware FW208WWb02 and prior versions. An attacker can exploit th...

7.8 CVSS · 7.6 AI score · 0.0034 EPSS
Exploits 1 · References 1
OSV
added 2017/02/27 7:59 a.m. · 5 views

CVE-2017-6343

The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the...

8.1 CVSS · 5.8 AI score · 0.60349 EPSS
Exploits 0 · References 2