9 matches found
CVE-2020-35756
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...
Design/Logic Flaw
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...
CVE-2020-35756
Summary: CVE-2020-35756 affects Libre Wireless LS9 LS1.5/p7040 devices. The luci_service daemon on port 7777 accepts a GETPASS command without authentication and returns the device configuration password in cleartext, enabling unauthenticated access to leak the user’s configuration password. Affe...
CVE-2020-35756
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...
Libre Wireless Access Control Error Vulnerability
The Libre Wireless LS9 is a networking device from Libre Wireless, Inc. A security vulnerability exists in the Libre Wireless LS9 LS1.5/p7040 devices. The vulnerability stems from a luci service daemon running on port 7777 returning the device configuration password in plaintext without...
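HDWiki 5.1 Arbitrary User Password Modification Vulnerability
Brief description: A logic flaw in HDWiki's password reset allows an attacker to change any user's password. Details: control/user.php function dogetpass ...... elseifisset$this-post'verifystring' $uid=$this-post'uid'; $encryptstring=$this-post'verifystring'; $idstring=$ENV'user'-getidstringbyuid$uid,$this-time; if$idstring==$encryptstring // does not account for the case where the submitted value is empty and the query returns empty, a logic...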
Debian Security Advisory DSA 461-1 (calife)
The remote host is missing an update to calife announced via advisory DSA 461-1. OpenVAS Vulnerability Test $Id: deb4611.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 461-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Re: [Full-disclosure] screen 4.0.3 local Authentication Bypass
-----Original Message----- Subject: Re: Full-disclosure screen 4.0.3 local Authentication Bypass Verified on OpenBSD I'm not seeing a 'Getpass error' message on 4.1-STABLE current, but there does seem to be a problem with locking and reattaching: $ screen space $ echo "This is the locked screen"...
CVE-2005-2004
Multiple cross-site scripting vulnerabilities in Ultimate PHP Board UPB 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, ...