69 matches found
Minimal Coming Soon & Maintenance Mode < 2.17 - Insecure permissions: Export Settings/Theme Change
There was a flaw that would allow any user logged in as a subscriber or above to export the plugin settings as a .txt file or modify the theme of the maintenance page on a vulnerable site. PoC Login with subscriber or above permissions and send the following request to export the plugin settings:...
Minimal Coming Soon & Maintenance Mode < 2.17 - Insecure permissions: Export Settings/Theme Change
There was a flaw that would allow any user logged in as a subscriber or above to export the plugin settings as a .txt file or modify the theme of the maintenance page on a vulnerable site. Login with subscriber or above permissions and send the following request to export the plugin settings:...
VulnCheck KEV: CVE-2020-6166
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes...
PT-2018-3878 · D Link · D-Link Dir-823G
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G devices affected versions not specified Description: The issue is related to the lack of authentication in certain components of the D-Link DIR-823G device's firmware, specifically ExportSettings.sh, upload settings.cgi,...
The vulnerability of the components ExportSettings.sh, updateWPS, RebootSystem, and vpnBasicSettings of the Intelbras NCLOUD 300 Wi-Fi router’s microprogramming system allows a hacker to gain access to the device with administrator privileges.
The vulnerabilities of the components ExportSettings.sh /cgi-bin/ExportSettings.sh, updateWPS /goform/updateWPS, RebootSystem /goform/RebootSystem, and vpnBasicSettings /goform/vpnBasicSettings of the Intelbras NCLOUD 300 Wi-Fi router software are related to the use of pre-installed registration...
Intelbras NCLOUD 300 Denial of Service Vulnerability
Intelbras NCLOUD 300 is a wireless router device from Intelbras, Brazil. A security vulnerability exists in Intelbras NCLOUD 300 version 1.0, which stems from the program failing to require authentication. An attacker can exploit the vulnerability by sending requests to /cgi-bin/ExportSettings.sh...
CVE-2018-11094
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and...
CVE-2017-14387
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings including the NFS export security flavor for authentication that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly...
CVE-2004-0915
Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hidecvsroot and forbidden settings, which could allow remote attackers to gain sensitive information...