15 matches found

Positive Technologies
added 2026/05/05 12:0 a.m., 3 views

PT-2026-37275

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 2.0.0-beta.2. Description: A business logic issue in the Grav Admin Panel allows a low-privileged user with user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new...

CVSS 8.1 | AI score 5.8 | EPSS 0.00041
Exploits 1 | References 12

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2005-1818

Malware in sbrugna...

CVSS 4.6 | AI score 6.4 | EPSS 0.0008
Exploits 1 | References 4

RedhatCVE
added 2025/05/22 12:20 a.m., 9 views

CVE-2005-1816

Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen...

CVSS 4.6 | AI score 7 | EPSS 0.0008
Exploits 1 | References 1

NVD
added 2023/01/27 3:15 p.m., 11 views

CVE-2022-48071

Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext...

CVSS 7.5 | AI score 7.6 | EPSS 0.0014
Exploits 1 | References 1

CNNVD
added 2023/01/27 12:0 a.m., 2 views

PHICOMM K2G A1 Security Vulnerability

The PHICOMM K2G A1 is a dual-band Gigabit wireless WiFi router from PHICOMM China. A security vulnerability exists in Phicomm K2 version v22.6.534.263, which stems from the fact that an attacker can discover the passwords of the root and admin users stored in the plaintext...

CVSS 7.5 | AI score 7.3 | EPSS 0.0014
Exploits 1 | References 4

RedHat Linux
added 2022/06/15 3:14 p.m., 1 view

cups: authorization bypass when using "local" authorization

An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution...

CVSS 7.2 | AI score 7.6 | EPSS 0.00037
Exploits 0 | References 6

Veracode
added 2022/05/29 6:58 p.m., 34 views

Privilege Escalation

cups is vulnerable to privilege escalation. The vulnerability exists due to gain elevated privileges which allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key...

CVSS 6.7 | AI score 7.1 | EPSS 0.00037
Exploits 0 | References 16 | Affected Software 4

CNVD
added 2019/12/17 12:0 a.m., 2 views

D-Link DIR-615 Input Validation Error Vulnerability

The D-Link DIR-615 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DIR-615 suffers from an input validation error vulnerability. An attacker can exploit this vulnerability to create a root admin user...

CVSS 6.5 | AI score 7 | EPSS 0.13898
Exploits 3 | References 1

OSV
added 2019/12/16 5:15 p.m., 1 view

CVE-2019-19743

On D-Link DIR-615 devices, a normal user is able to create a rootadmin user from the D-Link portal...

CVSS 6.5 | AI score 6.6 | EPSS 0.13898
Exploits 3 | References 5

0day.today
added 2019/12/16 12:0 a.m., 230 views

D-Link DIR-615 - Privilege Escalation Vulnerability

Exploit for hardware platform in category web applications
Exploit Title: D-Link DIR-615 - Privilege Escalation
Exploit Author: Sanyam Chawla
Vendor Homepage: http://www.dlink.co.in
Category: Hardware Wi-fi Router
Hardware Link: http://www.dlink.co.in/products/?pid=678
Hardware Version: T1
Firmwa...

AI score 0.4
Exploits 0

Prion
added 2019/09/11 6:15 p.m., 8 views

XXE

Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to an XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM)...

CVSS 4 | AI score 5 | EPSS 0.00596
Exploits 0 | References 1 | Affected Software 2

OSV
added 2017/12/20 10:29 p.m., 1 view

CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

CVSS 8.8 | AI score 7.3 | EPSS 0.6634
Exploits 2 | References 1

Packet Storm
added 2016/08/11 12:0 a.m., 62 views

NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution', 'Description' = %q The NVRmini 2 Network...

CVSS 10 | AI score 0.7 | EPSS 0.89376
Exploits 11

w3af
added 2013/06/10 11:2 p.m., 15 views

http_vs_https_dist

This plugin analyzes the network distance between the HTTP and HTTPS ports giving a detailed report of the traversed hosts in transit to target:port. You should have root/admin privileges in order to run this plugin successfully. Explicitly declared ports on the entered target override those...

AI score 7.1
Exploits 0

Prion
added 2006/02/16 11:2 a.m., 12 views

Directory traversal

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended...

CVSS 6.4 | AI score 7.3 | EPSS 0.03081
Exploits 0 | References 10 | Affected Software 1