19 matches found
CVE-2026-4312 DrangSoft|GCB/FCB Audit Software - Missing Authentication
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...
CVE-2026-3611
The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...
CVE-2023-53895
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...
CVE-2023-53895
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...
CVE-2023-53895
PimpMyLog 1.7.14 is affected by an improper access control vulnerability that lets remote attackers create admin accounts via the configuration endpoint (/configuration). The unsanitized username field can be exploited to inject JavaScript, enabling a hidden backdoor and potential access to serve...
EUVD-2023-60195
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...
PT-2025-51743
Name of the Vulnerable Software and Affected Versions PimpMyLog version 1.7.14 Description The software contains an improper access control issue that allows remote attackers to create administrator accounts without authorization through the configuration endpoint. Attackers can exploit the...
EUVD-2022-4201
Malicious code in bioql PyPI...
CVE-2019-12890
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...
VulnCheck KEV: CVE-2012-2626
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action...
Zero-channel BBS Plus vulnerable to cross-site scripting
Overview Zero-channel BBS Plus by Zero-Channel BBS Plus Developers is a bulletin board CGI script. Zero-channel BBS Plus contains a cross-site scripting vulnerability CWE-79. Zero-Channel BBS Plus Developers reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...
RedwoodHQ Bypass Authentication Vulnerability
RedwoodHQ is an open source automated testing framework. The product supports programming languages such as Java, Groovy, Python and C and is capable of creating readable keyword-driven test cases. A security vulnerability exists in RedwoodHQ version 2.5.5. The vulnerability stems from a lack of...
CVE-2018-12464
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in...
Flip <= 3.0 Remoe Admin Creation Exploit
Exploit for unknown platform in category web applications ======================================== Flip ; print "password you want: "; my $pass = ; chomp$user; chomp$pass; createadmin$url, $user, $pass; sub createadmin my $url = shift; my $user = shift; my $pass = shift; print "creating admin...
Flip 3.0 - Remote Admin Creation
!/usr/bin/perl use strict; use IO::Socket; use Getopt::Std; my $app = "Flip ; print "password you want: "; my $pass = ; chomp$user; chomp$pass; createadmin$url, $user, $pass; sub createadmin my $url = shift; my $user = shift; my $pass = shift; print "creating admin ... \t"; my $content =...
Flip 3.0 - Remote Admin Creation
Flip 3.0 - Remote Admin Creation !/usr/bin/perl use strict; use IO::Socket; use Getopt::Std; my $app = "Flip ; print "password you want: "; my $pass = ; chomp$user; chomp$pass; createadmin$url, $user, $pass; sub createadmin my $url = shift; my $user = shift; my $pass = shift; print "creating admi...
Flip <= 3.0 Remoe Admin Creation Exploit
No description provided by source. !/usr/bin/perl use strict; use IO::Socket; use Getopt::Std; my $app = "Flip = 3.0"; my $type = "Admin Creation"; my $author = "undefined1"; my $vendor = "http://sourceforge.net/projects/flipsource"; my %opt; getopts"t:", %opt; $| = 1; print ":: $app $type - by...
paNews 2.0b4 Remote Admin Creation SQL Injection Exploit
No description provided by source. / paNews v2.0b4 silePNEWSxpl This exploit utilize SQL injection for create a new user with admin privileges on paNews software system. References: packetstormsecurity.org/0503-exploits/panews.txt coded by: Silentium of Anacron Group Italy date: 04/03/2005 e-mail...
paNews 2.0b4 - Remote Admin Creation SQL Injection
/ paNews v2.0b4 silePNEWSxpl This exploit utilize SQL injection for create a new user with admin privileges on paNews software system. References: packetstormsecurity.org/0503-exploits/panews.txt coded by: Silentium of Anacron Group Italy date: 04/03/2005 e-mail: anacrongroupitalyatautisticidotor...