27 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-6821

Malware in sbrugna...

CVSS 10 · AI score 9.5 · EPSS 0.00284
Exploits 0 · References 2
CNVD
added 2024/05/27 12:0 a.m. · 1 views

NETGEAR ProSAFE Network Management System Elevation of Privilege Vulnerability

NETGEAR ProSAFE Network Management System is a network management system from NETGEAR for centralized management, monitoring, and configuration of network devices. An elevation of privilege vulnerability exists in NETGEAR ProSAFE Network Management System, which stems from the use of default MySQ...

CVSS 7.8 · AI score 7.2 · EPSS 0.00172
Exploits 0 · References 1
OSV
added 2024/02/02 2:15 a.m. · 0 views

CVE-2024-22901

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 5
Positive Technologies
added 2024/01/11 12:0 a.m. · 2 views

PT-2024-4161 · NetGear · Netgear Prosafe Network Management System

Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System (affected versions not specified). Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the product installer due to the use of default...

CVSS 7.8 · AI score 7.5 · EPSS 0.00172
Exploits 0 · References 5
Veracode
added 2023/11/29 7:18 a.m. · 24 views

Privilege Escalation

apache-superset is vulnerable to Privilege Escalation. The vulnerability is due to the default examples database connection. An attacker can exploit this flaw by using a specially crafted CTE SQL statement and, as a result, could tamper with the authentication / authorization data...

CVSS 8.8 · AI score 7.8 · EPSS 0.00308
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2023/11/27 10:22 a.m. · 4 views

CVE-2023-40610 Apache Superset: Privilege escalation with default examples database

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

CVSS 6.3 · AI score 8.9 · EPSS 0.00308
Exploits 0 · References 3
OSV
added 2019/08/15 6:15 p.m. · 0 views

UBUNTU-CVE-2018-14668

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...

CVSS 8.8 · AI score 5.9 · EPSS 0.00215
Exploits 0 · References 3
OSV
added 2019/05/31 10:29 p.m. · 1 views

CVE-2019-10123

SQL Injection in Advanced InfoData Systems AIS ESEL-Server 67 which is the backend for the AIS logistics mobile app allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user...

CVSS 9.8 · AI score 7.6 · EPSS 0.79804
Exploits 5 · References 2
Saint
added 2018/11/20 12:0 a.m. · 42 views

Dell OpenManage Network Manager MySQL vulnerability

Added: 11/20/2018. BID: 105912. Background: Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem: Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...

AI score 7.9
Exploits 0
ClickHouse
added 2018/06/28 12:0 a.m. · 7 views

CVE-2018-14668

"remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks. Andrey Krasichkov of Yandex Information Security Team...

CVSS 8.8 · AI score 5.5 · EPSS 0.00215
Exploits 0
CNVD
added 2017/10/31 12:0 a.m. · 1 views

Worry-Free Shopping System ASP General Edition has multiple vulnerabilities

Worry-Free Shopping System ASP General Edition is a general-purpose shopping site management system built on ASP/Access. Worry-Free Shopping System ASP General Edition is vulnerable to default database download, arbitrary user login, multiple stored cross-site scripts, payment desi...

AI score 6.9
Exploits 0
Cvelist
added 2017/10/26 8:0 p.m. · 12 views

CVE-2017-15366

Before Thornberry NDoc version 8.0, laptop clients and the server have default database Cache users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devic...

AI score 9.5 · EPSS 0.00284
Exploits 0 · References 1
seebug.org
added 2015/03/09 12:0 a.m. · 97 views

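XYCMS management consulting company site-building system: default database download and stored XSS

Brief description: The XYCMS management consulting company site-building system has default database download and stored XSS vulnerabilities. Details: The XYCMS management consulting company site-building system has default database download and stored XSS vulnerabilities. Source code: http://down.chinaz.com/soft/29472.htm First, there is a stored XSS in the online job application form, where XSS code can be inserted. Vulnerable file: Careersyp.asp Google search: inurl:Careersyp.asp Examples: http://www.gaonengkedi.com/Careersyp.asp?id=4 http://njqygl.com/Careersyp.asp?id=1...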

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 18 views

shibby shop <= 2.2 (sql/update) Multiple Vulnerabilities

No description provided by source. Title: sHibby sHop v2.2 = Remote SQL/Update Multiple Vulnerability. Author: KnocKout. Special Thankz: Dr.Kacak. System 0VerfL0verZ...

AI score 7.1
Exploits 0
myhack58
added 2013/01/13 12:0 a.m. · 16 views

The movable section (dkcms) vulnerability

The main is almost 3 versions of main: v2.0, v3.1, v4.2. Google keyword: powered by dkcms. The website turned out to find the source code download, Baidu, download this 3 source code, as is the asp source code, mostly to look at the default database, what are the three default database V2.0...

AI score 0.8
Exploits 0
myhack58
added 2012/02/26 12:0 a.m. · 37 views

COCOON Counter statistical procedures vulnerability summary

A default database: counter/db/dbCCCounter6.mdb It can also be directly opened: http://www.badguest.cn/Counter/utilities/update.asp To view the source file, lookup! You can find the database address. Program problem. Second, the storm path vulnerability Use the probe http://www.xxx.com...

AI score 7.1
Exploits 0
Packet Storm
added 2012/01/03 12:0 a.m. · 24 views

Mavili Guestbook 200711 Cross Site Scripting / SQL Injection

Title: mavili guestbook - SQL Injection and XSS Vulnerabilities Software : mavili guestbook Software Version : 200711 Vendor: http://code.google.com/p/maviliguestbook/ Vulnerability Published : 2012-01-03 Vulnerability Update Time : Status : Impact : High Bug Description : mavili guestbookversion...

AI score 0.5
Exploits 0
myhack58
added 2011/09/14 12:0 a.m. · 8 views

Xianyou travel Agency management system v1.0 vulnerabilities and fixes

Author: mer4en7y Blog: www.hi.baidu.com/alonecode 1. Injection vulnerabilities: Vulnerability file: newlist.asp: bid = trimrequest"bid" sid = trimrequest"sid" ... if bid"" then bwhere = " & bigid="& bid &"" else bwhere = "" end if if sid"" then swhere = " & smallid="& sid &"" else swhere = "" end if...

AI score 0.6
Exploits 0
myhack58
added 2011/01/08 12:0 a.m. · 29 views

PJBlog3 v3.1.6.227 vulnerabilities and solutions

1. Check whether the default database blogDB/PBLog3.asp exists! 2. The registration ID 3. the To┼pay offs number 畣 whole 爠 Hwan enemy 瑳∨≒┩congregation┼anvil this in the name of the password just under 4. In to the user management location find your registration of the user in the this...

AI score 0.4
Exploits 0
myhack58
added 2009/10/01 12:0 a.m. · 15 views

union select control ewebeditor Upload File suffix

Form: dark group technology Forum union select control ewebeditor Upload File suffix 2.16 Currently circulating online too much ewebeditor a modified version of the lite version 2.1.6 version of ewebeditor the presence of an injection vulnerabilities after a version also exists such a problem Some...

AI score 7.7
Exploits 0