Lucene search
K

9 matches found

NVD
NVD
added 2026/02/15 4:15 p.m.7 views

CVE-2026-26368

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user UGUSER to reset the password of arbitrary accounts, including those in the UGADMIN and UGSUPERADMIN groups, without...

8.8CVSS0.00529EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/02/15 3:29 p.m.26 views

CVE-2026-26369 JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user UGUSER can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their...

9.8CVSS0.00637EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/02/15 3:29 p.m.4 views

CVE-2026-26367 JUNG eNet SMART HOME server 2.2.1/2.3.1 Arbitrary User Deletion via deleteUserAccount

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...

8.1CVSS5.8AI score0.00373EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.14 views

PT-2026-8252

Name of the Vulnerable Software and Affected Versions eNet SMART HOME server versions 2.2.1 and 2.3.1 Description The software contains a missing authorization flaw in the resetUserPassword JSON-RPC method. An authenticated, low-privileged user UG USER can reset the passwords of any account,...

8.8CVSS5.5AI score0.00529EPSS
Exploits2References12
OSV
OSV
added 2021/07/26 6:15 p.m.3 views

CVE-2021-37394

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration...

8.8CVSS5.8AI score0.01171EPSS
Exploits1References2
securityvulns
securityvulns
added 2007/05/08 12:0 a.m.84 views

Microsoft Security Bulletin MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)

Microsoft Security Bulletin MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution 935966 Published: May 8, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity...

10CVSS0.4AI score0.79128EPSS
Exploits18
Saint
Saint
added 2007/04/16 12:0 a.m.36 views

Windows DNS server RPC management interface buffer overflow

Added: 04/16/2007 CVE: CVE-2007-1748 BID: 23470 OSVDB: 34100 Background The Windows DNS service runs an RPC management interface which listens on a dynamically assigned TCP port. Problem A buffer overflow vulnerability in the Windows DNS service allows remote attackers to execute arbitrary comman...

10CVSS9.9AI score0.79128EPSS
Exploits17
Saint
Saint
added 2007/04/16 12:0 a.m.77 views

Windows DNS server RPC management interface buffer overflow

Added: 04/16/2007 CVE: CVE-2007-1748 BID: 23470 OSVDB: 34100 Background The Windows DNS service runs an RPC management interface which listens on a dynamically assigned TCP port. Problem A buffer overflow vulnerability in the Windows DNS service allows remote attackers to execute arbitrary comman...

10CVSS9.9AI score0.79128EPSS
Exploits17
Saint
Saint
added 2007/04/16 12:0 a.m.27 views

Windows DNS server RPC management interface buffer overflow

Added: 04/16/2007 CVE: CVE-2007-1748 BID: 23470 OSVDB: 34100 Background The Windows DNS service runs an RPC management interface which listens on a dynamically assigned TCP port. Problem A buffer overflow vulnerability in the Windows DNS service allows remote attackers to execute arbitrary comman...

10CVSS9.8AI score0.79128EPSS
Exploits17
Rows per page
Query Builder