EUVD-2018-12586

Malware in sbrugna...

SUSE CVE-2014-7823

The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIRDOMAINXMLMIGRATABLE flag, which triggers the use of the VIRDOMAINXMLSECURE flag...

H2database 安全漏洞

H2database is an embeddable Rdbms written in Java. A security vulnerability exists in H2database version 2.1.214, which stems from the fact that the web-based administration console can be started via the CLI with the parameter -webAdminPassword, which allows a user to specify the password for th...

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

weblogic-scan weblogic 漏洞扫描工具 妄想试图weblogic一把梭 目前检测的功能 - x console 页面探测 & 弱口令扫描 - x uuid页面的SSRF - x CVE-2017-10271 wls-wsat页面的反序列化 - x CVE-2018-2628 反序列化 - x CNVD-C-2019-48814 后期可以的话还会继续加功能的，主要是一些反序列化的poc真的不好写，我也不咋会.. USE 使用前请先填写config.py中的server参数...

CVE-2018-20008

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials plain text and the web-console password base64 via the debugging console...

Improper access control

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials plain text and the web-console password base64 via the debugging console...

CVE-2018-20008

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials plain text and the web-console password base64 via the debugging console...

CVE-2018-20008

CVE-2018-20008 affects iBall Baton iB-WRB302N20122017 devices. The issue is improper access control on the UART interface, allowing a physical attacker with access to the debugging console to retrieve Wi‑Fi credentials (plain text) and the web‑console password (base64). The root cause is limited ...

CVE-2018-20008

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials plain text and the web-console password base64 via the debugging console...

Symantec Endpoint Protection Manager Privilege Bypass Vulnerability

Symantec Endpoint Protection Manager SEPM is a suite of enterprise-grade virus protection software from Symantec USA. A privilege bypass vulnerability exists in SEPM version 12.1, which can be exploited by an attacker to bypass the lockout threshold restriction with authorized window access...

Hardcoded credentials

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...

WBR-3406 Wireless Broadband NAT Router - Web-Console Password Change Bypass Cross-Site Request Forgery

WBR-3406 Wireless Broadband NAT Router - Web-Console Password Change Bypass Cross-Site Request Forgery ----------------------------------------------------------- WBR-3406 Wireless Broadband NAT Router Web-Console Password Change Bypass & CSRF Vulnerability This PoC code should do two main things...

virt-v2v: vnc password protection is missing after vm conversion

virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password...

[SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: MD5 - -- Webserver 4D v3.6 Weak Password Preservation Vulnerability -- - -- Type Design Error - -- Release Date September 25, 2002 - -- Product / Vendor Webserver 4D by MDG Computer Services, Inc. is an complete Web Server environment written entirely on t...