12 matches found
CVE-2026-42289
ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an...
CVE-2026-21483 listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover
listmonk is a standalone, self-hosted newsletter and mailing list manager. Prior to version 6.0.0, a lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Super Admin) views or previews this content, the...
EUVD-2015-2969
Malware in sbrugna...
CVE-2017-8218
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password...
Shopify: Stocky App Administrator can create a backdoor admin account by using an existing POS User
Details The Stocky App has POS Users that are being created once a POS Staff logs in into the application from the Point Of Sale application on a mobile device. From the users management page located at https://stocky.shopifyapps.com/users there's no visible way to edit those POS users. Although,...
AMSS++ 4.7 - Backdoor Admin Account
Title: AMSS++ 4.7 - Backdoor Admin Account Author: indoushka Date: 2020-02-23 Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor : http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.rar Dork : แนะนำให้ใช้บราวเซอร์ Google Chrome "AMSS++"...
AMSS++ 4.7 - Backdoor Admin Account
AMSS++ 4.7 - Backdoor Admin Account Title: AMSS++ 4.7 - Backdoor Admin Account Author: indoushka Date: 2020-02-23 Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor : http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.rar Dork : แนะนำให้ใช้บราวเซอร์...
CVE-2018-14583
XYHCMS 3.5 is affected by a Cross-Site Request Forgery (CSRF) in the URL xyhai.php?s=/Auth/addUser, which can be used to add a background administrator account. The vulnerability is described across multiple sources as CVE-2018-14583. The provided connected documents confirm the affected componen...
CVE-2015-2887
iBaby M3S has a password of admin for the backdoor admin account...
CVE-2015-2887
The CVE-2015-2887 entry affects the iBaby M3S video baby monitor, where a backdoor admin account is protected by the default password “admin.” Public sources (NVD entry) assign a NETWORK attack vector with high impact, and CNVD-2017-05189 describes a privilege-acquisition vulnerability enabling O...
Axis Network Camera 2.x And Video Server 1-3 - HTTP Authentication Bypass
source: https://www.securityfocus.com/bid/11011/info A hardcoded backdoor administrative-user issue allows remote attackers to administer affected devices. This likely cannot be disabled. This issue is reported to affect: - Axis StorePoint CD E100 CD-ROM Server with firmware version 5.30 ?php...