20 matches found
GHSA-27H3-CRW2-Q36W SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
EUVD-2018-9316
Malware in sbrugna...
CVE-2019-14336
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request...
GHSA-J777-63HF-HX76 Envoy Admin Interface Exposed through prometheus metrics endpoint
Impact A user with access to a Kubernetes cluster where Envoy Gateway is installed can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration...
MSNSwitch Firmware MNT.2408 Remote Code Execution
Exploit Title: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion RCE Google Dork: n/a Date:9/1/2022 Exploit Author: Eli Fulkerson Vendor Homepage: https://www.msnswitch.com/ Version: MNT.2408 Tested on: MNT.2408 firmware CVE: CVE-2022-32429 !/usr/bin/python3 """ POC for unauthenticated...
MSNSwitch Firmware MNT.2408 - Remote Code Exectuion Exploit
Exploit Title: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion RCE Exploit Author: Eli Fulkerson Vendor Homepage: https://www.msnswitch.com/ Version: MNT.2408 Tested on: MNT.2408 firmware CVE: CVE-2022-32429 !/usr/bin/python3 """ POC for unauthenticated configuration dump, authenticated RCE o...
MSNSwitch Firmware MNT.2408 - Remote Code Execution
Exploit Title: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion RCE Google Dork: n/a Date:9/1/2022 Exploit Author: Eli Fulkerson Vendor Homepage: https://www.msnswitch.com/ Version: MNT.2408 Tested on: MNT.2408 firmware CVE: CVE-2022-32429 !/usr/bin/python3 """ POC for unauthenticated...
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure Exploit Title: SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://secu.jp/ Product Link: https://secu.jp/support/831.html CVE: N/A !/usr/bin/perl SecuSTATION SC-831 HD...
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure Exploit Title: Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://acesecurity.jp Product Link: https://acesecurity.jp/support/top/wipseries/wip-90113 CVE: N/A...
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
Title: ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: www.escam.cn Product Link: http://www.escam.cn/search/?class1=&class2=&class3=&searchtype=0&searchword=qd-900&lang=en CVE: N/A !/usr/bin/perl ESCAM QD-900 WIFI HD Camera Remote...
Hisilicon Hi3518 HD Camera Remote Configuration Disclosure Exploit
!/usr/bin/perl -w Hisilicon Hi3518 HD Camera Remote Configuration Disclosure Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for...
Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure
!/usr/bin/perl -w Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
D-Link 6600-AP and DWL-3600AP Configuration File Dump Vulnerability
The D-Link DWL-6600AP is a dual-band unified managed wireless access point device designed for enterprise-class environments.The D-Link DWL-3600AP is a single-band unified managed wireless access point device designed for enterprise-class environments. A configuration file dump vulnerability exis...
CVE-2018-17563
A Malformed Input String to /cgi-bin/api-getlinestatus on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext...
ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage Author: Jerzy Patraszewski Date: 10 July 2015 Affected software : =================== ZTE GPON: F427 Version: V3.0 Firmware Image:...
ZTE GPON F427 Authorization Bypass / Cleartext Password Storage
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage Author: Jerzy Patraszewski Date: 10 July 2015 Affected software : =================== ZTE GPON: F427 Version: V3.0 Firmware Image:...
ZTE ZXDSL-931VII - Unauthenticated Configuration Dump
No description provided by source. Exploit Title: ZTE ZXDSL-931VII Unauthenticated Configuration Dump Google Dork: use your imagination Date: 09-12-2014 Exploit Author: L0ukanik0sGR Vendor Homepage: www.zte.com.cn Software Link:...
ZTE ZXDSL-931VII - Configuration Dump
Exploit Title: ZTE ZXDSL-931VII Unauthenticated Configuration Dump Google Dork: use your imagination Date: 09-12-2014 Exploit Author: L0ukanik0sGR Vendor Homepage: www.zte.com.cn Software Link:...
SerComm Device Configuration Dump
This module will dump the configuration of several SerComm devices. These devices typically include routers from NetGear and Linksys. This module was tested successfully against the NetGear DG834 series ADSL modem router. This module requires Metasploit: https://metasploit.com/download Current...
Multiple Brickcom Devices Authentication Bypass Vulnerability
The remote host is a Brickcom device and it is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...