121 matches found
CVE-2022-46371 Alotcer - AR7088H-A Information disclosure
Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message contains the default administrator user name...
eCart Multi Vendor eCommerce System 1.x Insecure Settings
==================================================================================================================================== | Title : eCart – Multi Vendor eCommerce System 1.x Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
eCart Web 4.0.0 Insecure Settings
==================================================================================================================================== | Title : eCart Web v4.0.0- Multi Vendor eCommerce Marketplace Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...
Deprixa Pro CMS 3.2.5 Insecure Settings
==================================================================================================================================== | Title : Deprixa Pro CMS 3.2.5 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
CVE-2022-36785
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains defaul...
Authorization
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains defaul...
CVE-2022-36785 D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass.
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains defaul...
Information Disclosure
github.com/free5gc/free5gc is vulnerable to information disclosure. A remote unauthenticated attacker can acquire confidential information of UEs, subscribers and tenants via the webconsole without authentication because it uses the default username Admin, which can be used as a token header...
Cisco vManage 信任管理问题漏洞
Cisco vManage is a highly customizable dashboard from Cisco, Inc. that simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco vManage is vulnerable to a trust management issue. A remote attacker exploiting this vulnerability would be able to acces...
TOTOLINK EX1200T Trust Management Issue Vulnerability
TOTOLINK EX1200T is a Wi-Fi range extender from China-based Gion Electronics TOTOLINK.TOTOLINK EX1200T is vulnerable to a trust management issue, which stems from the presence of a default username and password in the firmware, and can be exploited by an attacker to launch telnet without...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034 CVE-2021-4034: Add Root User – Pkexec Local Pri...
CVE-2021-28909
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an attack chain to gain SS...
CVE-2021-28909
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an attack chain to gain SS...
FortiWLC - Hardcoded root password
A use of hard-coded password vulnerability in FortiWLC may allow a local, authenticated attacker to connect to the managed Access Point Meru AP and FortiAP-U as root using the default hard-coded username and password...
CVE-2021-20025
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the...
CVE-2021-20025
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the...
SonicWall Email Security Virtual Appliance Static Credential Vulnerability
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance only when the device i...
GaussDB Kernel: Deleting the Default Username
You are advised not to use a well-known username, for example, postgres. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...
Default credentials
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but...
Gophish - Open-Source Phishing Toolkit
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Install Installation of Gophish is dead-simple - just download and extract the zip...