9 matches found
CVE-2020-35756
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...
Design/Logic Flaw
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...
CVE-2020-35756
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...
CVE-2020-35756
Summary: CVE-2020-35756 affects Libre Wireless LS9 LS1.5/p7040 devices. The luci_service daemon on port 7777 accepts a GETPASS command without authentication and returns the device configuration password in cleartext, enabling unauthenticated access to leak the user’s configuration password. Affe...
Libre Wireless Access Control Error Vulnerability
The Libre Wireless LS9 is a networking device from Libre Wireless, Inc. A security vulnerability exists in the Libre Wireless LS9 LS1.5/p7040 devices. The vulnerability stems from a luci service daemon running on port 7777 returning the device configuration password in plaintext without...
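HDWiki 5.1 Arbitrary User Password Change Vulnerability
Brief description: HDWiki's password reset contains a logic flaw that allows an attacker to change any user's password. Details: control/user.php function dogetpass ...... elseifisset$this-post'verifystring' $uid=$this-post'uid'; $encryptstring=$this-post'verifystring'; $idstring=$ENV'user'-getidstringbyuid$uid,$this-time; if$idstring==$encryptstring // Does not account for the case where the submitted value is empty and the query returns empty, a logic...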
Debian Security Advisory DSA 461-1 (calife)
The remote host is missing an update to calife announced via advisory DSA 461-1. OpenVAS Vulnerability Test $Id: deb4611.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 461-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Re: [Full-disclosure] screen 4.0.3 local Authentication Bypass
-----Original Message----- Subject: Re: Full-disclosure screen 4.0.3 local Authentication Bypass Verified on OpenBSD I'm not seeing a 'Getpass error' message on 4.1-STABLE current, but there does seem to be a problem with locking and reattaching: $ screen space $ echo "This is the locked screen"...
CVE-2005-2004
Multiple cross-site scripting vulnerabilities in Ultimate PHP Board UPB 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, ...