365 matches found
Horde Groupware Unauthenticated Admin Access
Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account wi...
PT-2026-47047
Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management - Arista Next Generation Firewall NGFW affected versions not specified Description A command injection issue exists in the Captive Portal Custom Handler. An administrative account logged into the user interface ca...
CVE-2026-3867
An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...
CVE-2026-4312
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...
CVE-2026-4312 DrangSoft|GCB/FCB Audit Software - Missing Authentication
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...
CVE-2018-25200
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...
CVE-2026-23595
An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...
CVE-2026-23595
CVE-2026-23595 describes an authentication bypass in the application API that allows an attacker to create unauthorized administrative accounts, enabling privileged access and potential data/configuration manipulation. Public entries consolidate this description across NVD/Red Hat/CIRCL/attackerk...
PT-2026-7993
Name of the Vulnerable Software and Affected Versions HPESBNW05002 rev.1 Description An authentication bypass in the application API allows the creation of an unauthorized administrative account. A remote attacker could exploit this to create privileged user accounts, potentially gaining...
CVE-2023-49233
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of...
CVE-2020-36908
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full...
CVE-2025-15026 Unauthenticated configuration import allows administrative account creation using AWIE component
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie Awie import module allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0...
CVE-2025-15026
CVE-2025-15026 affects Centreon Infra Monitoring, specifically the centreon-awie (Awie import module). The root cause is a missing authentication check for a critical function, allowing access to functionality not properly constrained by ACLs. Affected versions are: 25.10.0–25.10.1 (before 25.10....
CVE-2025-63747
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can ga...
PT-2025-47157
Name of the Vulnerable Software and Affected Versions QaTraq version 6.9.2 Description The software ships with default administrative account credentials enabled, allowing immediate login via the web application login page. An attacker reaching the login page can gain administrative access due to...
Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29088)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the creation of an undocument...
EUVD-2011-0569
Malware in sbrugna...
EUVD-2006-6871
Malware in sbrugna...
EUVD-2018-8883
Malware in sbrugna...
EUVD-2002-1846
Malware in sbrugna...