281 matches found
CVE-2021-3017
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code...
CVE-2021-3017
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code...
Code injection
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code...
CVE-2021-3017
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code...
Intelbras IWR 3000N 安全漏洞
The Intelbras IWR 3000N is a wireless router from Intelbras Poland. A security vulnerability exists in Intelbras WIN 300 and WRN 342 devices version 2021-01-04 and earlier versions that allows remote attackers to discover credentials by reading the def wireless spassword line in the HTML source...
PT-2022-17695 · Grafana +2 · Grafana +2
Name of the Vulnerable Software and Affected Versions: Grafana versions through 7.3.4 Description: An issue was discovered in Grafana when integrated with Zabbix, allowing the Zabbix password to be found in the "api jsonrpc.php" HTML source code. When a user logs in and is allowed to register, on...
CVE-2020-14201
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...
U.S. Dept Of Defense: Blind Stored XSS on the internal host - █████████████
The vulnerability was a blind stored XSS on an internal host. The payload was triggered from the endpoint https://███████████████/NSSI/controlcenterV2/index.htm?directlink&courses/classes/findstudent&&&&&&&& and was found in the Referer header. The vulnerable URL was not accessible from outside t...
Unnamed Vulnerability in GitLab (CNVD-2021-19411)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
CVE-2020-13261
CVE-2020-13261 affects GitLab CE/EE 12.6 through 13.0.1, where Amazon EKS credentials can be disclosed to other administrators via HTML source code. Connected sources confirm the vulnerability and affected ranges, but do not provide concrete exploit steps or a published remediation version. The i...
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
CVE-2020-13261
Removed by vendor...
WebTareas 2.0p8 Cross Site Scripting
Exploit Title: WebTareas v2.0p8 - Login Portal - Reflected Cross Site Scripting XSS Exploit Author: Bobby Cooke Date: May 7th, 2020 Vendor Homepage: http://webtareas.sf.net/ Software Link: https://sourceforge.net/projects/webtareas/files/2.0p8/webTareas-v2.0p8.zip/download Version: v2.0p8 Tested...
CVE-2019-15653
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real...
Design/Logic Flaw
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real...
CVE-2020-9013
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting from the HTML source code...
Code injection
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting from the HTML source code...
CVE-2020-6170
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...