EUVD-2017-15404

Malware in sbrugna...

CVE-2022-47732

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...

CVE-2022-47732

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...

CVE-2022-47732

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...

PT-2023-15469 · Yeastar · Yeastar N412 +3

Name of the Vulnerable Software and Affected Versions: Yeastar N412 and N824 Configuration Panel versions 42.x through 45.x Description: An unauthenticated attacker can create a backup file and download it, revealing the admin hash. If the hash is cracked, it allows the attacker to log in to the...

CVE-2022-47732

Affected software: Yeastar N412 and N824 Configuration Panel (versions 42.x–45.x). Vulnerability details: An unauthenticated attacker can create a backup file, download it, and reveal the admin hash. If the hash is cracked, the attacker can log in to the Configuration Panel; alternatively, the at...

Design/Logic Flaw

It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint...

Design/Logic Flaw

It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...

TerraMaster TOS 安全漏洞

TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. TerraMaster TOS has a security vulnerability that can be exploited by an attacker executing a request to the /module/api.php?mobile/wapNasIPS endpoint to...

PT-2022-12428 · Terramaster · Terramaster F2-210 +2

Name of the Vulnerable Software and Affected Versions: Terramaster F4-210, F2-210 TOS version 4.2.X 4.2.15-2107141517 Description: The issue allows an attacker to obtain sensitive information, including the first administrator's hash, MAC address, and internal IP address, by sending a request to...

TerraMaster TOS 安全漏洞

TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. A security vulnerability exists in TerraMaster TOS, which can be exploited by an attacker executing a request to the /module/api.php?mobile/webNasIPS...

phpAbook 0.9i - SQL Injection Vulnerability

Exploit Title: phpAbook 0.9i - SQL Injection Vendor Homepage: http://sourceforge.net/projects/phpabook/ Exploit Author: Said Cortes, Alejandro Perez Version: v0.9i This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. import requests...

MyBB 1.8.25 SQL Injection

Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL [email protected] Date: 20.03.2021 Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy"...

CVE-2020-9269

SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by exportical.php. Recent assessments: J3rryBl4nks at March 09, 2020 9:09pm UTC reported: This is an injection that is trivial to exploit and also to find. You can...

X (Formerly Twitter): Potential pre-auth RCE on Twitter VPN

Hi, weOrange Tsai and Meh Chang are the security research team from DEVCORE. Recently, we are doing a research about SSL VPN security, and found several critical vulnerabilities on Pulse Secure SSL VPN! We have reported to vendor and patches have been released on 2019/4/25. Since that, we keep...

D-Link DIR-850L REV.A and REV.B Information Disclosure Vulnerability

The D-Link DIR-850L REV.A and REV.B are both wireless router products from AUO D-Link. A security vulnerability exists in D-Link DIR-850L REV.A and REV.B devices using firmware FW114WWb07h2abbeta1 and prior versions and REV.B with firmware FW208WWb02 and prior versions. An attacker can exploit th...

Design/Logic Flaw

The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the...

CVE-2017-6343

The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the...

CVE-2017-6343

The vulnerability CVE-2017-6343 affects Dahua DHI-HCVR7216A-S3 devices and is realized via the web interface, enabling remote authentication bypass by using knowledge of the MD5 Admin Hash to gain login access without the password. Affected components include NVR firmware 3.210.0001.10, Camera fi...

CVE-2017-6343

The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the...