
213 matches found

CNNVD
added 2022/08/19 12:0 a.m., 2 views

Jellyfin Cross-Site Scripting Vulnerability

Jellyfin is a freeware media system. It allows you to control the management and streaming of media. It is an alternative to the proprietary Emby and Plex and can serve media from a dedicated server to end-user devices through multiple applications. A cross-site scripting vulnerability exists in...

CVSS 5.4 | AI score 6.2 | EPSS 0.0029
Exploits 1 | References 4
ATTACKERKB
added 2022/06/02 2:15 p.m., 0 views

CVE-2022-28605

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory...

CVSS 10 | AI score 7.2 | EPSS 0.02014
Exploits 0 | References 2
OSV
added 2022/06/02 2:15 p.m., 3 views

CVE-2022-28605

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory...

CVSS 9.8 | AI score 5.6 | EPSS 0.02014
Exploits 0 | References 1
CVE
added 2022/05/31 8:11 p.m., 62 views

CVE-2022-28605

The CVE-2022-28605 entry concerns Linkplay SDK 1.00, specifically in SoundBar apps, where a hardcoded admin token enables remote attackers to gain admin privileges in the Linkplay antifactory. The vulnerability stems from a hardcoded credential in the SoundBar app integration with the Linkplay SD...

CVSS 10 | AI score 9.5 | EPSS 0.02014
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/05/31 8:11 p.m., 11 views

CVE-2022-28605

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory...

AI score 9.8 | EPSS 0.02014
Exploits 0 | References 1
OSV
added 2022/05/17 4:44 a.m., 8 views

GHSA-RXRM-XVP4-JQVH OpenStack Keystone Sensitive information disclosure via log files

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1 | AI score 5.9 | EPSS 0.00039
Exploits 0 | References 13
GithubExploit
added 2022/03/25 7:43 p.m., 1208 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Linuxfoundation Containerd

PoC for CVE-2022-23648 This is a proof of concept for @fel...

CVSS 7.5 | AI score 7.8 | EPSS 0.06046
Exploits 4
OSV
added 2022/03/01 6:15 p.m., 0 views

CVE-2021-36166

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 1
VulnCheck KEV
added 2021/11/03 12:0 a.m., 2 views

VulnCheck KEV: CVE-2020-8657

EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...

CVSS 9.8 | AI score 7.3 | EPSS 0.88863
Exploits 4 | References 1
OSV
added 2020/09/01 8:15 a.m., 1 view

CVE-2020-12776

Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie...

CVSS 7.2 | AI score 7.2 | EPSS 0.00442
Exploits 0 | References 1
CNVD
added 2020/03/17 12:0 a.m., 4 views

Nagios Log Server Incorrect Access Control Vulnerability

Nagios Log Server is a powerful enterprise-grade log monitoring and management application that allows organizations to quickly and easily view, sort, and configure logs from any source on any given network. An incorrect access control vulnerability exists in Nagios Log Server 2.1.3. An attacker...

CVSS 6.5 | AI score 6.8 | EPSS 0.00483
Exploits 0 | References 1
Positive Technologies
added 2020/02/05 12:0 a.m., 1 view

PT-2020-6507

Name of the Vulnerable Software and Affected Versions: EyesOfNetwork version 5.3. Description: The issue is related to the use of a hardcoded API key, EONAPI_KEY, in the include/api_functions.php file for API version 2.4.2. This allows an attacker to calculate or guess the admin access token,...

CVSS 9.8 | AI score 9.3 | EPSS 0.88863
Exploits 4 | References 11
NVD
added 2019/05/07 7:29 p.m., 16 views

CVE-2019-7746

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset...

CVSS 8.1 | AI score 8.2 | EPSS 0.0032
Exploits 2 | References 2
OSV
added 2019/05/07 7:29 p.m., 6 views

CVE-2019-7746

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset...

CVSS 8.1 | AI score 7.3 | EPSS 0.0032
Exploits 2 | References 2
Prion
added 2019/05/07 7:29 p.m., 14 views

Cross site request forgery (csrf)

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset...

CVSS 4.3 | AI score 8.1 | EPSS 0.0032
Exploits 2 | References 2 | Affected Software 1
Cvelist
added 2019/05/07 6:59 p.m., 21 views

CVE-2019-7746

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset...

AI score 8.2 | EPSS 0.0032
Exploits 2 | References 2
0day.today
added 2019/02/13 12:0 a.m., 438 views

Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - CSRF (Admin Token Disclosure) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Jiofi 4 JMR 1140 CSRF To Leak Admin Tokens to change wifi Password or Factory Reset Router Exploit Author: Ronnie T Baby Contact:https://www.linkedin.com/in/ronnietbaby Vendor Homepage: www.jio.com Hardware Link:...

EPSS 0.0032
Exploits 2
Packet Storm
added 2018/06/26 12:0 a.m., 66 views

HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt 1. Vulnerability Details...

AI score 0.1
Exploits 0
RedHat Linux
added 2016/03/22 4:49 p.m., 0 views

jenkins: API tokens of other users available to admins (SECURITY-200)

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

CVSS 6.5 | AI score 7.4 | EPSS 0.00165
Exploits 0 | References 5
ATTACKERKB
added 2015/10/06 1:59 a.m., 1 view

CVE-2015-4964

IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTHTOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process...

CVSS 6 | AI score 5.8 | EPSS 0.01835
Exploits 0 | References 2