21 matches found
VaulTLS Security Vulnerability
VaulTLS is a modern solution from individual developer Emily Ehlert for easily managing mTLS (mutual TLS) certificates. A security vulnerability exists in VaulTLS versions prior to 0.9.1 that stems from an empty password setup and API login bypass, which could lead to unauthorized access...
CVE-2025-8731
TRENDnet CVE-2025-8731 affects TI-G160i, TI-PG102i and TPL-430AP (up to 20250724) with the SSH Service using default credentials. Several sources confirm remote exploitation is possible and that the exploit has been publicly disclosed. Mitigation in publicly released documents centers on credenti...
CVE-2023-24096
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...
CVE-2021-21472
SAP Software Provisioning Manager 1.0 SAP NetWeaver Master Data Management Server 7.1 does not have an option to set a password during its installation; this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack,...
VulnCheck KEV: CVE-2018-13315
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request...
CVE-2023-51135
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup...
TOTOLINK X2000R Security Vulnerability
TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a buffer overflow vulnerability that originates from the failure of the formPasswordSetup function to properly validate the length and size of the input data, which can be exploited by an...
UBUNTU-CVE-2023-4641
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...
TRENDnet TEW-820AP Buffer Error Vulnerability
The TRENDnet TEW-820AP is a router from TRENDnet. A security vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, which stems from the discovery of a stack overflow vulnerability via the newpass parameter of /formPasswordSetup. An attacker could exploit the vulnerability to...
CVE-2022-30328
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface...
SAP NetWeaver Master Data Management Access Control Error Vulnerability
SAP NetWeaver Master Data Management SAP MDM is a software from SAP Germany for managing inter-enterprise collaboration. A security vulnerability exists in SAP Software Provisioning Manager that stems from the failure to set a password option during installation, which can be exploited by an...
CVE-2018-20577
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...
CVE-2018-13315
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request...
Envizon - Network Visualization Tool With Focus On Red / Blue Team Requirements
This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and organization tool, 'envizon'. We hope your feedback will help to improve and hone i...
How to Remove and Replace a NetScaler in High Availability (HA) Pair Setup
This article helps you address RMA replacements and includes instruction on how to backup configurations, upgrade or downgrade shipped software version, and setup of RPC password on NetScaler. Before you Begin Label all interfaces/cables prior to swap Requirements A Windows client or server with...
Ananda Image Gallery SQL Vulnerability
No description provided by source. Exploit Title:Ananda Image Gallery SQL Vulnerable Vendor url:http://www.softwebsnepal.com/ Version:n/a Price:159$ Author: L0rd CrusAd3r aka VSN [email protected] Published: 2010-06-17 Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to...
Ananda Image Gallery - SQL Injection
Ananda Image Gallery - SQL Injection Exploit Title:Ananda Image Gallery SQL Vulnerable Vendor url:http://www.softwebsnepal.com/ Version:n/a Price:159$ Author: L0rd CrusAd3r aka VSN [email protected] Published: 2010-06-17 Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and t...
Ananda Image Gallery SQL Injection vulnerability
Exploit for asp platform in category web applications. Ananda Image Gallery SQL Injection vulnerability...