9 matches found
CVE-2024-10916 D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure
A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiat...
CVE-2020-25754
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an...
CVE-2020-25754
CVE-2020-25754 affects Enphase Energy Envoy R3.x and D4.x devices. A custom PAM module for user authentication bypasses standard login by deriving a password from the MD5 hash of the username and serial number, with the serial number obtainable by an unauthenticated user at /info.xml. Attempts to...
Enphase Envoy Security Vulnerability
The Enphase Energy Envoy is a gateway device for connecting smart home devices from Enphase Energy USA. A security vulnerability exists in the Enphase Energy Envoy. The vulnerability stems from the default admin password being set to the last 6 digits of the serial number. The serial number can b...
PT-2019-6348 · D Link · Dir-825
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 versions 2.10. Description: The issue is related to a lack of protection for service data, which can be exploited by a remote attacker to disclose protected information by requesting the router info.xml document. This can reveal...
Huawei Backup App Reset Session Vulnerability
Huawei Backup App is a cell phone file backup tool. A reset session vulnerability exists in Huawei Backup App, located in the application folder "HuaweiBackup-BackupFiles", which affects a file named info.xml, where encrypted passwords are stored, and can be bypassed and reset by modifying the...
Huawei Backup App v6.30.52.12.L - Session Vulnerability
Document Title: Huawei Backup App v6.30.52.12.L - Session Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1815 Video: https://www.vulnerability-lab.com/getcontent.php?id=1987 Release Date: 2018-07-29...
ownCloud: OS Command Injection via tainted PATH environment variable in findBinaryPath
The PATH environment variable that is passed to the find command in owncloud/core/blob/master/lib/private/legacy/helper.php on line 543 is not sanitized for input. If an adversary is able to taint the PATH environment variable, OS command execution is possible utilizing the find command's execute -exe...