72 matches found
Input validation
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.024.02 allows an attacker to cause network attack in case of using defalut admin ID/PW...
CVE-2023-37755
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...
CVE-2022-45045
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...
ManageEngine DataSecurity Plus Xnode Enumeration
This module exploits default admin credentials for the DataEngine Xnode server in DataSecurity Plus versions prior to 6.0.1 6011 in order to dump the contents of Xnode data repositories tables, which may contain a limited amount of Active Directory information including domain names, host names,...
PT-2022-15952 · Softing · Edgeaggregator +2
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server, edgeConnector, and edgeAggregator software affected versions not specified Description: The issue concerns the use of default administrator credentials, with the username as admin and the password as admin...
CVE-2022-23320
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...
CVE-2020-35296
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access...
CVE-2020-27689
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...
Design/Logic Flaw
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...
CVE-2020-27689
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...
ManageEngine DataSecurity Plus Authentication Bypass
XL-2020-002 - DataSecurity Plus Xnode Server - Authentication Bypass =============================================================================== Identifiers ------------------------------------------------- CVE-2020-11532 XL-20-002 CVSSv3 score ------------------------------------------------...
CVE-2018-17492
EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application...
CVE-2018-17485
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application...
Lobby Track Desktop Default Admin Credentials Vulnerability
Jolly Technologies Lobby Track Desktop is a desktop visitor management application from Jolly Technologies USA. The program has features such as pre-registering visitors, capturing photos and scanning driver's licenses. A security vulnerability exists in Jolly Technologies Lobby Track Desktop...
PT-2019-1535 · Cisco · Cisco Network Assurance Engine
Name of the Vulnerable Software and Affected Versions: Cisco Network Assurance Engine NAE Release 3.01 Description: A vulnerability in the management web interface of Cisco Network Assurance Engine NAE could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of...
AudioCode 400HD - Command Injection
AudioCode 400HD - Command Injection CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony...
AudioCode 400HD - Command Injection
CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...
AudioCode 400HD Remote Command Injection
CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...
CVE-2018-18377
goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...