29 matches found
Hard coded credentials vulnerability in GoHarbor's Harbor
Overview GoHarbor's Harbor default admin password presents a security risk because it does not require change upon initial deployment. Description GoHarbor's Harbor is an open-source OCI-compliant container registry project that stores, signs, and manages container images. Harbor initializes with...
EUVD-2026-10346
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...
PT-2026-22725
OpenMQ exposes a TCP-based management service imqbrokerd that by default requires authentication. However, the product ships with a default administrative account admin/ admin and does not enforce a mandatory password change on first use. After the first successful login, the server continues to...
CVE-2026-27751
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement t...
CVE-2026-27751
SODOLA SL902-SWTGW124AS firmware versions up to 200.1.20 contain a default credentials vulnerability that lets remote attackers obtain administrative access to the management interface. The issue arises from hardcoded default credentials and lack of password-change enforcement, enabling full admi...
EUVD-2006-0917
Malware in sbrugna...
EUVD-2013-5776
Malware in sbrugna...
EUVD-2015-7828
Malware in sbrugna...
CVE-2013-2352
LeftHand OS aka SAN iQ 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time...
Eaton Xpert Meter SSH Private Key Exposure Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework XXX: This shouldn't be necessary but is now require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Eaton Xpert Meter SSH Private Key Exposure Scanner'...
K8420: ClamAV buffer overflow vulnerabilities - CVE-2007-6335, CVE-2007-6336
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
Lupusec XT1 1.0.80 XSS / CSRF / DoS / Insecure Transit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-20 === Lupusec XT1 Alarm System - Multiple Issues Affected Versions ================= Lupusec XT1 fw 1.0.80 Issue Overview ============== Vulnerability Type: Cross Site Scripting, Cross Site Request Forgery,...
CVE-2016-5678
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors...
VulnCheck KEV: CVE-2015-7755
Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device...
Backdoor in ScreenOS (SSH)
ScreenOS is vulnerable to an unauthorized remote administrative access to the device over SSH or telnet. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Juniper Patches ScreenOS Backdoor
Juniper Networks today has released an emergency patch that removes what it’s calling “unauthorized code” from ScreenOS that could allow attackers to decrypt VPN traffic from NetScreen devices. Juniper has not commented on the origin of the code it found. However, Juniper’s products were singled...
Western Digital My Net Wireless Routers - Password Disclosure
No description provided by source. Vulnerable Systems: Western Digital My Net Series Wireless Routers: N600 Firmware 1.03.12 N600 Firmware 1.04.16 N750 Firmware 1.03.12 N750 Firmware 1.04.16 N900 Firmware 1.05.12 N900 Firmware 1.06.18 N900 Firmware 1.06.28 N900C Firmware 1.05.12 N900C Firmware...
ASUS router drive-by code execution via XSS and authentication bypass
ASUS router drive-by code execution via XSS and authentication bypass ===================================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/asus-router-auth-bypass.txt Overview -------- Various ASUS routers contai...
ASUS Router Authentication Bypass / Cross Site Scripting
ASUS router drive-by code execution via XSS and authentication bypass ===================================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/asus-router-auth-bypass.txt Overview -------- Various ASUS routers contai...
Western Digital My Net Router main_internet.php Admin Credential Disclosure
The web server for the Western Digital My Net router identified is affected by an information disclosure vulnerability. The admin password is stored in plaintext as the value for 'var pass'. This can be found in the source code for the 'maininternet.php' page. An unauthenticated, remote attacker...