19 matches found
EUVD-2018-9245
Malware in sbrugna...
EUVD-2020-4744
Malware in sbrugna...
EUVD-2018-2769
Malware in sbrugna...
EUVD-2008-0781
Malware in sbrugna...
EUVD-2022-6364
Malicious code in bioql PyPI...
EUVD-2025-6975
Malicious code in bioql PyPI...
EUVD-2025-18969
Malicious code in bioql PyPI...
CVE-2025-6951
A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default credentials. Access to the local network is required for this attack to succeed. The exploit has been...
CVE-2020-10919
This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When...
CVE-2025-4286
A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to...
CVE-2025-2772 BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this...
CVE-2024-9309 SSRF in POST /worker_generate_stream API endpoint in haotian-liu/llava
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...
PT-2023-21893 · Jenkins · Jenkins Octoperf Load Testing Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OctoPerf Load Testing Plugin Plugin versions 4.5.1 and earlier Description: The issue allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through...
EyesOfNetwork Use of Hard-Coded Credentials Vulnerability
EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...
Mautic cross-site scripting vulnerability (CNVD-2021-07536)
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. Mautic 3.2.4 suffers from a cross-site scripting vulnerability that allows remote attackers to inject executable JavaScript via the Referer header of an...
MediaWiki - 'Thumb.php' Remote Command Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'MediaWiki Thumb.php Remote Command Execution', 'Description' = %q MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x...
MS03-045: Buffer Overrun in the ListBox and in the ComboBox (824141)
A vulnerability exists because the ListBox control and the ComboBox control both call a function, located in the User32.dll file, that contains a buffer overrun. A local, interactive attacker could run a program that sends a specially crafted Windows message to any application that has implemente...
OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
effect: local root vulnerable services: -pass Kerberos IV TGT -pass AFS Token bug details: radix.c GETSTRING macro in radixtocreds function may cause buffer overflow. affected buffers: creds-service creds-instance creds-realm creds-pinst exploit code here: mantra.freeweb.hu...
CVE-2001-1403
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar...