11 matches found
CVE-2026-9039
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...
CVE-2019-11618
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 accesstoken in a uri=blog&action=index&controller=blog action to...
EUVD-2018-8735
Malware in sbrugna...
CVE-2024-51553
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2023-24838
HGiga PowerStation has an information leakage vulnerability. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator's credential. This credential can then be used to log in to PowerStation or Secure Shell to achieve remote code execution...
Advantech WebAccess Access Control Error Vulnerability (CNVD-2020-22292)
Advantech WebAccess is a set of HMI/SCADA software based on browser architecture from Advantech, Taiwan, China. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An access control error vulnerability exist...
CVE-2019-11618
CVE-2019-11618 affects doorGets 7.0 and is caused by a default administrator credential vulnerability. A remote attacker can gain administrator privileges to create/modify articles by using the token H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 in a URI (blog action to /api/index.php). Public docu...
CVE-2019-11618
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 accesstoken in a uri=blog&action=index&controller=blog...
NPM-V (Network Power Manager) 2.4.1 Password Reset
NPM-V Network Power Manager = 2.4.1 Reset Password Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: NPM-V Affected Version : 2.4.1 and below Vendor : http://www.china-clever.com Product Link : http://www.china-clever.com/en/index.php/product?view=products&cid=125 Date:...
Splunk Custom App Remote Code Execution
This module exploits a feature of Splunk whereby a custom application can be uploaded through the web-based interface. Through the 'script' search command a user can call commands defined in their custom application, which can include arbitrary Perl or Python code. To abuse this behavior, a valid...
Cross-site Request Forgery (CSRF) Vulnerabilities in Argyle Social
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Argyle Social which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery (CSRF) vulnerabilities in Argyle Social 1.1 The vulnerability exists due to insufficient validation...