CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

EUVD-2018-21918

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

CVE-2019-25708

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...

PT-2025-12691 · H3C · H3C Magic Be18000 +4

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014 H3C Magic NX30 Pro versions up to V100R014 H3C Magic NX400 versions up to V100R014 H3C Magic R3010 versions up to V100R014 H3C Magic BE18000 versions up to V100R014 Description: A critical issue affects...

CVE-2019-12576

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher binary is setuid root. This program is called during the connection process and executes...

CVE-2019-12576

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher binary is setuid root. This program is called during the connection process and executes...

Design/Logic Flaw

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher binary is setuid root. This program is called during the connection process and executes...

CVE-2019-12576

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher binary is setuid root. This program is called during the connection process and executes...

OSX VPN Manager

This module lists VPN connections and tries to connect to them using stored credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OSX VPN Manager', 'Description' = %q This module lists V...