40 matches found
CVE-2025-15552
CVE-2025-15552 affects Truesec LAPSWebUI prior to version 2.4. The root cause is insufficient session expiration, which can allow a workstation-occupied attacker to escalate privileges by disclosure of the local admin password. The available connected sources corroborate a local-attack vector wit...
EUVD-2023-12106
Malicious code in bioql PyPI...
CVE-2023-46384
LOYTEC electronics GmbH LINX Configurator all versions is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device...
PT-2023-29993 · Loytec Electronics Gmbh · Linx Configurator
Name of the Vulnerable Software and Affected Versions: LOYTEC electronics GmbH LINX Configurator all versions Description: The issue concerns insecure permissions in the LINX Configurator, where credentials are stored in cleartext. This allows remote attackers to disclose the admin password and...
CVE-2021-40858
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring...
CVE-2020-25078
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...
CVE-2020-25078
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. Recent assessments: kevthehermit at March 04, 2021 12:03am UTC reported: Vulnerability The D-LInk...
CVE-2017-18777
Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 befor...
CVE-2018-10946
An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI...
Default credentials
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account which is a low privilege account access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML...
CVE-2018-12710
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account which is a low privilege account access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML...
VulnCheck KEV: CVE-2017-5521
Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server...
DLink DIR-601 - Admin Password Disclosure(CVE-2018-5708)
Description Having local access to the network but being unauthenticated to the administrator panel, a user can disclose the built in Admin username/password to access the admin panel 2. Proof of Concept For proof of concept, the real Admin password is "thisisatest" Step 1: Access default...
D-Link DIR-601 Admin Password Disclosure
Exploit Title: DLink DIR-601 Unauthenticated Admin password disclosure Google Dork: N/A Date: 12/24/2017 Exploit Author: Kevin Randall Vendor Homepage: https://www.dlink.com Software Link: N/A Version: Firmware: 2.02NA Hardware Version B1 Tested on: Windows 10 + Mozilla Firefox CVE : CVE-2018-570...
Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure Vulnerability
Netgear models DGN2200, DGND3700, and WNDR4500 suffer from multiple information disclosure vulnerabilities, one of which leaks the admin password. Title: Netgear DGN2200, DGND3700 and WNDR4500 Multiple Information Disclosure Vulnerabilities Author: Mandar jadhav Vendor Homepage:...
Meteocontrol WEB’log - Admin Password Disclosure
No description provided by source...
Multiple Vulnerabilities found in ZHONE
Vantage Point Security Advisory 2015-002 ======================================== Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models Versions affected: S3.0.501...
ZHONE ZNID GPON < 3.1.241 Multiple Vulnerabilities
ZHONE ZNID GPON is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
telepark wiki 2.4.23 - Multiple Vulnerabilities
No description provided by source. Abysssec Inc Public Advisory Title : Telepark Wiki Multiple Remote Vulnerabilities Affected Version : = v2.4.23 Vendor Site : www.teamtodo.com Discovery : www.Abysssec.com Vendor contact : 8 november Vendor response : 9 november patch is available in vendor...
Portili Personal and Team Wiki <= 1.14 - Multiple Vulnerabilities
No description provided by source. Abysssec Inc Public Advisory Title : Portili Personal and Team Wiki Multiple Remote Vulnerabilities Affected Version : Portili Personal and Team Wik = 1.14 Vendor Site : www.Portili.com Discovery : www.Abysssec.com Vendor Contact : 10/4/2009 Vendor Response :...