323 matches found
CVE-2025-8452
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...
CVE-2025-8452 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...
VulnCheck KEV: CVE-2020-4429
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534...
CVE-2012-10042
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...
CVE-2012-10042
CVE-2012-10042 affects Sflog! CMS 1.0 via an authenticated file-upload vulnerability in the blog management interface (manage.php). With default credentials (admin:secret), authenticated users can upload files to blogs/download/uploads/, where the upload validation is insufficient, enabling a PHP...
VulnCheck KEV: CVE-2024-51978
An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...
CVE-2024-51978
An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...
Multiple Brother Devices: Multiple Vulnerabilities (FIXED)
Overview Update June 25, 2025: Update statistics to reflect an additional 6 affected models from Konica Minolta, Inc. Rapid7 conducted a zero-day research project into multifunction printers MFP from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some o...
The vulnerability of the microprogramming software of the Elspec G5 digital event recorder, related to the use of default administrative account information, allows a intruder to gain unauthorized access to the device.
The vulnerability of the microprogramming software of the Elspec G5 digital event recorder is related to the use of default administrative account information. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to the device...
CVE-2022-36222
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface...
CVE-2020-27689
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...
CVE-2020-11720
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password...
kentico-xperience13-AuthBypass-wt-2025-0011
WT-2025-0011 CVE not assigned yet Kentico Xperience 13 CMS -...
CVE-2024-13653
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' function in all versions up to, and including, 2.12.0. This makes it possible fo...
CVE-2024-22768
Improper Input Validation in Hitron Systems DVR HVR-4781 1.034.02 allows an attacker to cause network attack in case of using defalut admin ID/PW...
CVE-2024-22770
Improper Input Validation in Hitron Systems DVR HVR-16781 1.034.02 allows an attacker to cause network attack in case of using defalut admin ID/PW...
MegaBIP 安全漏洞
MegaBIP is a software for creating BIP websites from MegaBIP Inc. A security vulnerability exists in MegaBIP version 5.15, which stems from the fact that the default admin portal path, which is recommended to be changed during installation, is publicly available in the /registered.php source code...
PT-2024-31500
Name of the Vulnerable Software and Affected Versions EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2 c1.9.51 Description The issue allows for OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During initial setup, the device creates an open unsecured...
Adobe FrameMaker Publishing Server 2022 < 17.0.1 (2022.0.1) Security Feature Bypass (APSB23-58)
The version of Adobe FrameMaker Publishing Server installed on the remote Windows host is prior to Adobe FrameMaker Publishing Server 2022 17.0.1. It is, therefore, affected by a vulnerability as referenced in the apsb23-58 advisory. - Adobe FrameMaker Publishing Server versions 2022 and earlier...
Online Eyewear Shop 1.0 Insecure Settings
============================================================================================================================================= | Title : Online Eyewear Shop v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...