69 matches found
VulnCheck KEV: CVE-2022-27593
Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign...
Apple macOS PackageKit PKCoreShove Link Following System Integrity Protection Bypass Vulnerability
This vulnerability allows local attackers to bypass System Integrity Protection on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within PackageKi...
CVE-2022-24408
A vulnerability has been identified in SINUMERIK MC All versions V1.15 SP1, SINUMERIK ONE All versions V6.15 SP1. The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow loc...
The vulnerability of the Fanuc 32i numerical program-controlled controller stems from deficiencies in the storage of protected information, allowing attackers to copy or modify user files and system files.
The vulnerability of the numerical program-controlled controller Fanuc 32i is related to deficiencies in the storage of protected information. Exploiting this vulnerability could allow an intruder to copy or modify user files and system files...
CVE-2020-25499
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router...
VulnCheck KEV: CVE-2019-7194
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...
CVE-2020-8635
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files...
Unspecified Vulnerability in Yulong Computer Communication Technology Coolpad 1851
Yulong Computer Communication Technology Coolpad 1851 is a smartphone from China's Yulong Computer Communication Technology. An unspecified vulnerability exists in the Yulong Computer Communication Technology Coolpad 1851. An attacker can exploit this vulnerability to modify system properties...
Unspecified Vulnerability in Ulefone Armor 5
Ulefone Armor 5 is a smartphone from the Chinese company Ulefone Technology. An unspecified vulnerability exists in Ulefone Armor 5. An attacker can exploit the vulnerability to modify system properties...
Infinix Note 5 Access Control Error Vulnerability
Infinix Note 5 is a smartphone from the Chinese company Transsion Infinix. The Infinix Note 5 build fingerprint: Infinix/H633IJL/Infinix-X604sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains an access control error in the com.mediatek.wfo An access control error vulnerability exists in t...
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
Exploit Title: AUO Solar Data Recorder - Stored XSS Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
Western Digital My Cloud NAS Default Credentials (HTTP)
The Western Digital My Cloud device is using known and default credentials for the HTTP based web interface. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
HangZhou XiongMai Technologies Net Surveillance Default Credentials (HTTP)
The remote installation of HangZhou XiongMai Technologies Net Surveillance is using known default credentials for the HTTP login...
CVE-2018-6020
In Silex SX-500 all versions and GE MobileLinkGEH-500 version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings...
CVE-2017-2735
TIT-AL00 smartphones with software versions earlier than TIT-AL00C583B214 have an exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user in...
Castle Rock Computing SNMPc Cross-Site Scripting Vulnerability
Castle Rock Computing SNMPc is a distributed network management system from Castle Rock Computing that provides proactive, real-time monitoring capabilities for the entire network infrastructure. A cross-site scripting vulnerability exists in versions of Castle Rock Computing SNMPc prior to...
HTTP Brute Force Logins With Default Credentials Reporting
It was possible to login into the remote Web Application using default credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
Default Password 'WhatsHappeningNow' for 'insight' Account (SSH)
The remote device is using known default credentials. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Default Password '3!acK5tratu5' for 'root' Account (SSH)
The remote device is using known default credentials...
Default Password 'htinit' for 'htinit' Account (SSH)
The remote device is using known default credentials...