12 matches found
ZTE ZXHN H168N 3.5 Credential Disclosure
The ZTE ZXHN H168N V3.5 firmware exposes quick-setup wizard endpoints that return PPPoE credentials ADUsername, VDUsername and the WLAN KeyPassphrase via the GetPassword action without requiring authentication. The firmware routing allowlists these endpoints through a QuickSetupEnable branch. In...
EUVD-2002-0283
Malware in sbrugna...
CVE-2020-21133
SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid...
Metinfo MetInfo SQL Injection Vulnerability
Metinfo MetInfo is a content management system (CMS) developed by China Mito Metinfo using PHP and MySQL. A SQL injection vulnerability exists in getpassword.php in Metinfo 7.0.0 beta, which arises from a database-based application that lacks validation of externally entered SQL statements. An...
ZZCMS Security Vulnerability
ZZCMS is a content management system (CMS) by the Zzcms team in China. A password reset vulnerability exists in zzcms version 201910. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or product. An attacker c...
Trend Micro Control Manager GetPassword() SQLi
The Trend Micro Control Manager running on the remote host is affected by an SQLi vulnerability when processing an HTTP request due to the lack of proper validation of a user-supplied string before using it to construct SQL queries. An unauthenticated, remote attacker can exploit this issue, via ...
Trend Micro Control Manager sCloudService GetPassword SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPassword method, which is called by the sCloudService servlet. The...
metinfo(m topology)of the enterprise website management system SQL injection vulnerability-vulnerability warning-the black bar safety net
The vulnerability occurs in the member/getpassword.php and admin/admin/getpassword.php files: if$p $array = explode'.', base64decode$p; $sql="SELECT FROM $metadmintable WHERE adminid='".$ array0."'"; $sqlarray = $db-getone$sql; base64decode$p after the value with explode split and then submitted ...
metinfo enterprise website management system SQL injection vulnerability-vulnerability warning-the black bar safety net
Brief description: metinfo enterprise website management system SQL injection vulnerability. Detailed description: member/getpassword.php and admin/admin/getpassword.php files: if$p $array = explode'.', base64decode$p; $sql="SELECT FROM $metadmintable WHERE adminid='".$ array0."'"; $sqlarray =...
DR. COM city hot GetPassword-0day vulnerabilities&exp-vulnerability warning-the black bar safety net
DR.COM city hot spot broadband. Many cities have used this: the city, the government, enterprises, operators, universities and so on use this suite of software to provide access to broadband service. A recent study found a vulnerability in the DR.COM USS user self-service login WEB server. You c...
FooSun GetPassword.asp Page Arbitrary Password Change Vulnerability
FoosunCMS is a powerful content management software built on an ASP+ACCESS/MSSQL architecture. In the file \User\ GetPassword.asp: ElseIf Request.Form"Action" = "step3" then // line 28 Call step3 …… Sub step3 // line 198 Dim ppassnew,pconfimpassnew ppassnew = md5Request.Form"passnew",16 …… UserConn.execute"Update FSMEUsers set UserPassword ='"&...
CVE-2002-0286
The CVE affects SiteNews 0.10 and 0.11. In function.php, the GetPassword routine can be abused when a remote attacker supplies a non-existent username and the MD5 checksum of an empty password to add_user.php. This causes GetPassword to generate and compare a blank password for the non-existent u...