14 matches found
CVE-2026-34474
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...
CVE-2026-34474
CVE-2026-34474 affects ZTE ZXHN H298A (1.1) and H108N (2.6) routers. A crafted request to the device’s web interface can cause a sensitive-data exposure, potentially returning the administrator password and WLAN PSK, which could enable authentication bypass and wireless/network compromise. Some f...
EUVD-2024-2659
Malicious code in bioql PyPI...
CVE-2024-29026
Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit...
CVE-2024-39314
The CVE-2024-39314 issue affects toy-blog versions 0.4.3 to before 0.5.0, where the administrative password was leaked via a command line parameter (root cause: command line exposure). A fix is available in version 0.5.0. As a workaround, versions 0.4.14 and later can pass the bearer token via st...
PT-2024-28438 · Toy-Blog · Toy-Blog
Name of the Vulnerable Software and Affected Versions: toy-blog versions 0.4.3 through 0.4.14 toy-blog versions prior to 0.4.14 Description: The administrative password is leaked through the command line parameter. This issue was patched in version 0.5.0. Recommendations: For versions 0.4.14 and...
CVE-2023-41027
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint...
PT-2023-27747 · Juplink · Juplink Rx4-1500
Name of the Vulnerable Software and Affected Versions: Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 Description: The issue allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint "/webs/userpasswd.htm"...
Juplink RX4-1500 Security Vulnerability
The Juplink RX4-1500 is a wireless router from Juplink. A security vulnerability exists in the Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5, which originates from an information disclosure vulnerability in the /webs/userpasswd.htm endpoint. An attacker can exploit the...
SUSE-SU-2020:2876-1 Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon
This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila,...
CVE-2020-10973
An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacke...
CVE-2018-13317
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm...
phpsftpd.txt
Author: Stefan Lochbihler Date: 11. Juli 2005 Affected Software: PHPsFTPd Software Version: 0.2 - 0.4 Software URL: http://phpsftpd.sourceforge.net/ Attack: Admin password leak about PHPsFTPd: PHPsFTPd is a web based administration and configuration interface for the SLimFTPd ftp serverIt can be...
Edimax 7205APL
Vendor: Edimax Type: 7205APL Firmware: 2.40a-00 Kind of bug: Security Description: Normally a user called addmin, has to create a password on the Accesspoint. When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file. Opening the file in Notepad gave the...