Lucene search
K

72 matches found

Prion
Prion
added 2024/01/23 5:15 a.m.15 views

Input validation

Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.024.02 allows an attacker to cause network attack in case of using defalut admin ID/PW...

5CVSS7.1AI score0.00496EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/09/14 8:15 p.m.6 views

CVE-2023-37755

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...

9.8CVSS7.5AI score0.01094EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2022/12/01 12:0 a.m.116 views

CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

8.8CVSS6.4AI score0.01239EPSS
In wildExploits1References2
Metasploit
Metasploit
added 2022/09/01 7:50 p.m.193 views

ManageEngine DataSecurity Plus Xnode Enumeration

This module exploits default admin credentials for the DataEngine Xnode server in DataSecurity Plus versions prior to 6.0.1 6011 in order to dump the contents of Xnode data repositories tables, which may contain a limited amount of Active Directory information including domain names, host names,...

10CVSS9.1AI score0.77477EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2022/08/17 12:0 a.m.6 views

PT-2022-15952 · Softing · Edgeaggregator +2

Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server, edgeConnector, and edgeAggregator software affected versions not specified Description: The issue concerns the use of default administrator credentials, with the username as admin and the password as admin...

9.8CVSS9.4AI score0.00851EPSS
Exploits0References5
OSV
OSV
added 2022/02/07 11:15 a.m.3 views

CVE-2022-23320

XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...

7.5CVSS7.2AI score
Exploits0References4
OSV
OSV
added 2021/03/03 4:15 p.m.4 views

CVE-2020-35296

ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access...

7.5CVSS5.8AI score0.02228EPSS
Exploits1References3
OSV
OSV
added 2020/11/04 8:15 p.m.4 views

CVE-2020-27689

The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...

9.8CVSS7.4AI score0.0217EPSS
Exploits1References2
Prion
Prion
added 2020/11/04 8:15 p.m.15 views

Design/Logic Flaw

The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...

5CVSS9.5AI score0.0217EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/11/04 8:1 p.m.22 views

CVE-2020-27689

The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...

9.6AI score0.0217EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2020/05/08 9:15 p.m.2 views

CVE-2020-11532

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...

10CVSS5.8AI score0.77477EPSS
Exploits7References6
Packet Storm
Packet Storm
added 2020/05/08 12:0 a.m.212 views

ManageEngine DataSecurity Plus Authentication Bypass

XL-2020-002 - DataSecurity Plus Xnode Server - Authentication Bypass =============================================================================== Identifiers ------------------------------------------------- CVE-2020-11532 XL-20-002 CVSSv3 score ------------------------------------------------...

10CVSS0.7AI score0.77477EPSS
Exploits7
OSV
OSV
added 2019/03/21 4:0 p.m.3 views

CVE-2018-17492

EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application...

7.8CVSS5.8AI score0.00334EPSS
Exploits0References1
NVD
NVD
added 2019/03/21 4:0 p.m.11 views

CVE-2018-17485

Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application...

8.4CVSS8.5AI score0.00383EPSS
Exploits0References1
CNVD
CNVD
added 2019/03/20 12:0 a.m.3 views

Lobby Track Desktop Default Admin Credentials Vulnerability

Jolly Technologies Lobby Track Desktop is a desktop visitor management application from Jolly Technologies USA. The program has features such as pre-registering visitors, capturing photos and scanning driver's licenses. A security vulnerability exists in Jolly Technologies Lobby Track Desktop...

8.4CVSS6.8AI score0.00383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/02/12 12:0 a.m.4 views

PT-2019-1535 · Cisco · Cisco Network Assurance Engine

Name of the Vulnerable Software and Affected Versions: Cisco Network Assurance Engine NAE Release 3.01 Description: A vulnerability in the management web interface of Cisco Network Assurance Engine NAE could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of...

7.7CVSS7.1AI score0.0029EPSS
Exploits0References4
exploitpack
exploitpack
added 2019/01/14 12:0 a.m.48 views

AudioCode 400HD - Command Injection

AudioCode 400HD - Command Injection CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony...

9CVSS0.2AI score0.68683EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.73 views

AudioCode 400HD - Command Injection

CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...

9CVSS8.8AI score0.68683EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/01/12 12:0 a.m.166 views

AudioCode 400HD Remote Command Injection

CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...

0.2AI score0.68683EPSS
Exploits5
Cvelist
Cvelist
added 2018/10/16 1:0 a.m.21 views

CVE-2018-18377

goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...

7.5AI score0.00919EPSS
Exploits1References1
Rows per page
Query Builder