38 matches found
CVE-2025-13315
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...
EUVD-2007-5408
Malware in sbrugna...
EUVD-2006-3284
Malware in sbrugna...
EUVD-2025-32230
Malicious code in bioql PyPI...
SurgeNews User Credentials
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SurgeNews User Credentials', 'Description' = %q This module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080...
Cyber Cafe Management System Cross-Site Scripting Vulnerability
Cyber Cafe Management System CCMS is a cyber cafe management system by the individual developer Anuj Kumar. A cross-site scripting vulnerability exists in version 1.0 of the Phpgurukul Cyber Cafe Management System that could allow a remote attacker to inject arbitrary web script or HTML via the...
PT-2023-14920 · Alotcer · Alotcer - Ar7088H-A
Name of the Vulnerable Software and Affected Versions: Alotcer - AR7088H-A firmware version 16.10.3 Description: The issue concerns an information disclosure where an unspecified error message contains the default administrator user name. Recommendations: For Alotcer - AR7088H-A firmware version...
Alotcer AR7088H Security Vulnerability
The Alotcer AR7088H is an embedded edge router from Alotcer China. A security vulnerability exists in the Alotcer AR7088H firmware version 16.10.3, which stems from the presence of an information disclosure where an unspecified error message contains the default administrator username...
CVE-2021-40597
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password...
Edimax Technology IC-3140W Trust Management Vulnerability
Edimax Technology Ipcam IC-3140W is a webcam from China-based Edimax Technology. A security vulnerability exists in the Edimax Technology IC-3140W version 3.11, which originates from the use of an administrator's username and password that are hardcoded...
CVE-2022-30898
A Cross-site request forgery CSRF vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password...
CVE-2022-26653
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details such as the username and GUID of an administrator...
Zoho ManageEngine Remote Access Plus Security Vulnerability
Zoho ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. A security vulnerability exists in Zoho ManageEngine Remote Access Plus, which could be exploited by an attacker to allow guest users to view domain details such as the administrator's username and GUID...
CVE-2020-5143
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and G...
CVE-2020-23980
DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page...
CVE-2018-19078
The CVE-2018-19078 entry concerns Foscam Opticam i5 devices (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). The issue is an information disclosure: the ONVIF media GetStreamUri response contains the administrator username and password. This is documented in CNVD-2018-22818 and echoed...
SurgeNews User Credentials
This module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory; including the user database, configuration files and log files. This module extracts the...
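SQL injection vulnerability in the latest version of mcms (arbitrary data can be extracted)
Brief description: SQL injection vulnerability in the latest version of mcms (arbitrary data can be extracted). Details: The programmers at Zhangyi Technology (掌易科技) respond quite fast: they fixed the vulnerability and released a new version the same day it was confirmed. The new mcms handles the several vulnerabilities I reported earlier on wooyun, and they have released the new version v3.1.3.enterprise, so let's take another look. One injection: GET /app/public/gov.shop.order.php?m=view&orderid=1 (note that "public" is the folder name chosen when the system was installed), where orderid is not filtered and goes straight into SQL execution. function mview global $dbm,$result,$V,$C,$orderid;...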
Wordpress MainWP Child Plugin 2.0.9.1 /class/MainWPChild.class.php Login Bypass Vulnerability
/class/MainWPChild.class.php $this-postswheresuffix = ''; $this-commentsandclauses = ''; addaction'templateredirect', array$this, 'templateredirect'; addaction'init', array&$this, 'parseinit'; addaction'adminmenu', array&$this, 'adminmenu'; addaction'admininit', array&$this, 'admininit';...
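Iwebmall latest version SQL injection, number five
Brief description: Iwebmall latest version SQL injection, number five. Details: I saw that someone on wooyun has reported several iweb vulnerabilities (WooYun: iwebmall shop program SQL injection, WooYun: Iwebsns sql number five.), so let me pick up the leftovers; hopefully this is not a duplicate. First, the injection point: www.xxx.com/do.php?act=shopguestbookdel , where the POST body has a parameter favoriteshop that is injectable. action/shop/guestbookdel.action.php (unrelated code) // database operations dbtarget'w',$dbServs; $dbo=new dbex;...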