CVE-2026-41908 OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route

OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to...

ZOHO ManageEngine ADSelfService Plus Data Forgery Issue Vulnerability

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A data forgery vulnerability exists in ZOHO ManageEngine ADSelfService Plus that stems from a lack of proper authentication of data...

Xerver 4.32 - Source Disclosure and HTTP Authentication Bypass

No description provided by source. Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the...

Axis Network Camera 2.x And Video Server 1-3 HTTP Authentication Bypass

No description provided by source. source: http://www.securityfocus.com/bid/11011/info A hardcoded backdoor administrative-user issue allows remote attackers to administer affected devices. This likely cannot be disabled. This issue is reported to affect: - Axis StorePoint CD E100 CD-ROM Server...

TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow &amp; sFlow Analyzer

Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Published: 07/27/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 Build...

Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass

This will add an administrative account to Scrutinizer NetFlow and sFlow Analyzer without any authentication. Versions such as 9.0.1 or older are affected. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow &amp; sFlow Analyzer

Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow a...

Scrutinizer NetFlow & sFlow Analyzer Multiple Vulnerabilities

Exploit for multiple platform in category web applications Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer...

Scrutinizer NetFlow sFlow Analyzer - Multiple Vulnerabilities

Scrutinizer NetFlow sFlow Analyzer - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer...

Xerver 4.32 Source Disclosure and HTTP Authentication Bypass

No description provided by source. Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the...

Boa 0.93.15 HTTP Basic Authentication Bypass Exploit

No description provided by source. / Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions Original Advisory: http://www.securityfocus.com/archive/1/479434 http://www.ikkisoft.com/stuff/SN-2007-02.txt Luca "ikki" Carettoni http://www.ikkisoft.com / ---- !/usr/bin/env...

Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass

The remote host appears to be a Fuji Xerox Printing Systems FXPS printer. According to its firmware version, the web server component of the FXPS device reportedly fails to authenticate HTTP requests, which could allow a remote attacker to gain administrative control of the affected printer and...

Axis Network Camera 2.x And Video Server 1-3 - HTTP Authentication Bypass

Axis Network Camera 2.x And Video Server 1-3 - HTTP Authentication Bypass source: https://www.securityfocus.com/bid/11011/info A hardcoded backdoor administrative-user issue allows remote attackers to administer affected devices. This likely cannot be disabled. This issue is reported to affect: -...

CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass

Core Security Technologies Advisory http://www.coresecurity.com Axis Network Camera HTTP Authentication Bypass Date Published: 2003-05-27 Last Update: 2003-05-23 Advisory ID: CORE-2003-0403 Bugtraq ID: 7652 CVE Name: CAN-2003-0240 Title: Axis Network Camera HTTP Authentication Bypass Class: Acces...

Axis Network Camera HTTP Authentication Bypass

Advisory ID Internal CORE-2003-0403 Core Security Technologies Advisory http://www.coresecurity.com Date Published: 2003-05-27 Last Update: 2003-05-23 Advisory ID: CORE-2003-0403 Bugtraq ID: 7652 CVE Name: CAN-2003-0240 Title: Axis Network Camera HTTP Authentication Bypass Class: Access Validatio...

Axis Network Camera 2.x - HTTP Authentication Bypass

Axis Network Camera 2.x - HTTP Authentication Bypass source: https://www.securityfocus.com/bid/7652/info A vulnerability has been discovered in various Axis Communications products. By making a request for a specially formatted URL, it may be possible for remote users to access the administrative...

Axis Network Camera 2.x - HTTP Authentication Bypass

source: https://www.securityfocus.com/bid/7652/info A vulnerability has been discovered in various Axis Communications products. By making a request for a specially formatted URL, it may be possible for remote users to access the administrative configuration interface without being prompted for...