19 matches found
CVE-2020-24130
A cross site request forgery CSRF vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts...
PT-2025-47157
Name of the Vulnerable Software and Affected Versions QaTraq version 6.9.2 Description The software ships with default administrative account credentials enabled, allowing immediate login via the web application login page. An attacker reaching the login page can gain administrative access due to...
PT-2024-9196 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.07.02 NEXUS Series version 3.07.02 MATRIX Series version 3.07.02 Description: The issue is related to the use of default passwords in the system, which does not require the installer to change them. This allo...
Hirschmann HiOS Switches Improper Authentication (CVE-2021-27734)
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVE...
PT-2024-1194
Name of the Vulnerable Software and Affected Versions Hitron Systems DVR HVR-4781 versions 1.03 through 4.02 Description The issue is related to the use of default credentials in the Hitron Systems DVR HVR-4781, which can be exploited by a remote attacker to cause a denial of service by utilizing...
IBM Aspera Security Vulnerability
IBM Aspera is an IBM FASP protocol-based fast file transfer and streaming solution from International Business Machines IBM. IBM Aspera Faspex version 5.0.4 is vulnerable to an access control error, which stems from the existence of improper access control of the application. An authenticated...
CVE-2023-27073
A Cross-Site Request Forgery CSRF in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request...
Online Food Ordering System Cross-Site Request Forgery Vulnerability
Online Food Ordering System is an online food ordering system by Carlo Montero, an individual developer. A security vulnerability exists in Online Food Ordering System version 1.0, which stems from a cross-site request forgery CSRF vulnerability. The vulnerability can be exploited by an attacker ...
PT-2022-23264 · Nokia · Nokia Fastmile
Name of the Vulnerable Software and Affected Versions: Nokia Fastmile 3tg00118abad52 devices affected versions not specified Description: The issue concerns a default hardcoded admin account with the credentials admin:Nq+L5st7o. This account can be used locally to access the web admin interface...
CVE-2020-24130
A cross site request forgery CSRF vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts...
Belden HiOS Authorization Issue Vulnerability
Belden HiOS is an operating system for Ethernet switches from Belden, Inc. A security vulnerability exists in Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01, which could be exploited by a remote attacker to alter the credentials of an existing us...
PT-2021-11745 · Unknown · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 6 Description: The issue concerns default administrator credentials in ThinkAdmin, allowing attackers to gain unrestricted access to the administrator dashboard. Recommendations: For ThinkAdmin version 6, change the default...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the D-Link DSL-6740U gateway Rev. H1 allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to 1 Custom Services in Port Forwarding, 2...
Cohu 3960HD Authentication Deficiency Vulnerability
The Cohu 3960HD is an IP zoom camera from Cohu USA that is typically used as a traffic camera. A security vulnerability exists in the Cohu 3960HD that stems from the program's failure to validate commands received on a remote configuration port. An attacker can exploit the vulnerability to change...
CVE-2017-9138
There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...
Shopify: Access to Splunk at https://apt.ec2.shopify.com:8089
Description: Default Splunk admin credentials were found at https://apt.ec2.shopify.com:8089 Default credentials login:admin password:changeme See pic 1 as POC Resolution: Change credentials Please let me know if you need some extra information. Sorry if this report is out of scope, I thought it...
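The QaTraq, ABB, Hitron, Nokia, ThinkAdmin and Splunk entries above share one root cause: an account ships with a factory password and nothing forces it to be changed. The following is an added example, not code from any of those products, showing the control they lack: an account still on a known default may authenticate only to set a new password, any other action is refused, and a replacement that is itself a known default is rejected. The admin:changeme pair is Splunk's as reported above; the other default pairs, the user names and the credential store are constructed for the demo.

```python
"""Added example, not code from QaTraq, ABB, ThinkAdmin, Splunk or any product
listed on this page. Models a login guard that closes the default-credential
hole those entries describe."""
import hmac

# Known factory defaults. admin:changeme is Splunk's, as reported above; the
# rest are assumptions standing in for a vendor's documented defaults.
KNOWN_DEFAULTS = {("admin", "changeme"), ("admin", "admin"), ("root", "root")}

# Constructed credential store: plaintext for brevity; a real one stores hashes.
USERS = {"admin": "changeme", "ops": "long-unique-passphrase"}


def _eq(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def is_factory_default(username, password):
    """True if the pair matches any known factory default."""
    return any(_eq(u, username) and _eq(p, password) for u, p in KNOWN_DEFAULTS)


def audit_defaults(users=USERS):
    """Startup/health check: accounts that can still log in with a factory default."""
    return sorted(u for u, p in users.items() if is_factory_default(u, p))


def login(username, password, action, users=USERS):
    """Returns 'denied', 'must_change' or 'ok'. While the account is on a
    default, only the 'change_password' action is allowed; everything else
    (dashboard, API, config) is refused instead of granted as in the entries above."""
    stored = users.get(username)
    if stored is None or not _eq(stored, password):
        return "denied"
    if is_factory_default(username, password) and action != "change_password":
        return "must_change"
    return "ok"


def change_password(username, current, new, users=USERS):
    """Rotates the password; rejects a new value that is unchanged or is itself a
    known default, so the account cannot remain on a factory setting."""
    if login(username, current, "change_password", users) == "denied":
        return False
    if is_factory_default(username, new) or _eq(current, new):
        return False
    users[username] = new
    return True


def run_demo():
    """Walks the flow on a private copy of the constructed store."""
    users = {"admin": "changeme", "ops": "long-unique-passphrase"}
    out = {"audit_before": audit_defaults(users)}
    out["admin_dashboard_on_default"] = login("admin", "changeme", "dashboard", users)
    out["reject_default_replacement"] = change_password("admin", "changeme", "admin", users)
    out["rotate"] = change_password("admin", "changeme", "Tq7!vZ-rotated", users)
    out["admin_dashboard_after"] = login("admin", "Tq7!vZ-rotated", "dashboard", users)
    out["audit_after"] = audit_defaults(users)
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The audit function is the piece worth wiring into a deployment check: run it against the real store at install time and on every start, and fail loudly while it returns anything.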
Multiple Cross-Site Request Forgery Vulnerabilities in Dating Pro
Dating Pro has multiple cross-site request forgery vulnerabilities. Due to the lack of authentication of the HTTP request sources "/admin/ausers/index" script and "/admin/notifications/settings/" script, an unauthenticated remote attacker can create a specially malicious web page, trick a logged-...
PHPDug Cross-Site Request Forgery Vulnerability (CNVD-2015-00242)
PHPDug is an open source social news site that supports sharing stories, news, images and more. PHPDug 2.0.0 suffers from a cross-site request forgery vulnerability that allows remote attackers to hijack the authentication of administrators for requests that modify...
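The D-Link DSL-6740U, Dating Pro and PHPDug entries describe the same mechanism: an admin-only request that changes credentials is accepted on the strength of the session cookie alone, so a malicious page the logged-in administrator merely visits can submit it. The following is an added example, not code from any of those products, modelling that pattern as a vulnerable handler beside a hardened one that requires a per-session synchronizer token and a matching Origin header. Requests are plain dicts so it runs offline; the admin hostname, endpoint path, session id and attacker hostname are hypothetical.

```python
"""Added example, not code from D-Link, Dating Pro, PHPDug or any product listed
on this page. Models the CSRF credential-change pattern those entries describe."""
import hmac
import secrets

SITE_ORIGIN = "https://admin.example.test"           # hypothetical admin site
CHANGE_URL = SITE_ORIGIN + "/admin/change_password"  # hypothetical endpoint

# Constructed server state: one logged-in admin session with a per-session token.
SESSIONS = {"sess-admin": {"user": "admin", "csrf_token": secrets.token_hex(16)}}
USERS = {"admin": {"password": "original-password"}}


def attacker_page(new_password):
    """The 'specially malicious web page': a hidden form that auto-submits to the
    admin endpoint as soon as a logged-in administrator loads it."""
    return (
        f'<form id="f" method="POST" action="{CHANGE_URL}">'
        f'<input type="hidden" name="new_password" value="{new_password}">'
        '</form><script>document.getElementById("f").submit()</script>'
    )


def forged_request(new_password="pwned"):
    """What the browser sends for attacker_page(): the attacker chose the body,
    the browser attached the admin's cookie, and Origin names the attacker's
    site. The attacker never sees the victim's per-session token."""
    return {
        "cookies": {"session": "sess-admin"},
        "headers": {"Origin": "https://attacker.test"},
        "form": {"new_password": new_password},
    }


def legitimate_request(new_password):
    """Same action submitted from the site's own form, which embeds the token."""
    return {
        "cookies": {"session": "sess-admin"},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"new_password": new_password,
                 "csrf_token": SESSIONS["sess-admin"]["csrf_token"]},
    }


def vulnerable_change_password(request):
    """Trusts the cookie only: the forged POST is indistinguishable from the
    admin's own click, so the credential is changed."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    USERS[session["user"]]["password"] = request["form"]["new_password"]
    return 200


def hardened_change_password(request):
    """Requires a synchronizer token bound to the session and an Origin header
    matching the site; a third-party page can supply neither."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return 403
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), session["csrf_token"].encode()):
        return 403
    USERS[session["user"]]["password"] = request["form"]["new_password"]
    return 200


def run_demo():
    """Returns what each handler does with the forged and legitimate requests."""
    out = {}
    USERS["admin"]["password"] = "original-password"
    out["vulnerable_forged"] = vulnerable_change_password(forged_request())
    out["password_after_vulnerable"] = USERS["admin"]["password"]

    USERS["admin"]["password"] = "original-password"
    out["hardened_forged"] = hardened_change_password(forged_request())
    out["password_after_hardened"] = USERS["admin"]["password"]
    out["hardened_legitimate"] = hardened_change_password(legitimate_request("rotated"))
    out["password_after_legitimate"] = USERS["admin"]["password"]
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The two checks are deliberately independent: the token defends against a forged POST even if a browser omits Origin, and the Origin check catches a leaked or predictable token. SameSite cookies are a third, complementary layer and are not modelled here.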
Multiple Vulnerabilities in BEdita
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BEdita which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in BEdita The vulnerability exists due to an input sanitization error in...