447 matches found
CVE-2024-20332
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
CVE-2024-20332
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
PT-2024-3822 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: The issue is related to improper input validation for specific HTTP requests in the web-based management interface, allowing an authenticated, remote attacker to...
LimeSurvey Community 5.3.32 - Stored XSS
Exploit Title: Stored Cross-Site Scripting XSS in LimeSurvey Community Edition Version 5.3.32+220817 Exploit Author: Subhankar Singh Date: 2024-02-03 Vendor: LimeSurvey Software Link: https://community.limesurvey.org/releases/ Version: LimeSurvey Community Edition Version 5.3.32+220817 Tested on:...
BIT-PHPLIST-2023-27576
An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified...
Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin
Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin Google Dork: Date: 12/9/2023 Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on:...
Privilege escalation
An improper privilege management vulnerability CWE-269 in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests...
PT-2024-1746 · Fortinet · Forticlientems
Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 Fortinet FortiClientEMS versions before 7.0.10 Description: The issue is related to improper privilege management, allowing a Site administrator with Super Admin privileges to perform globa...
CVE-2023-37608
An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...
PT-2024-12647 · Automatic Systems · Automatic Systems Soc Fl9600
Name of the Vulnerable Software and Affected Versions: Automatic Systems SOC FL9600 FirstLane version V06 lego T04E00 Automatic Systems SOC FL9600 FastLine version v.legoT04E00 Description: An issue in Automatic Systems SOC FL9600 allows a remote attacker to obtain sensitive information because...
CVE-2023-37608
An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...
CVE-2023-36651
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...
CVE-2023-36651
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...
CVE-2023-36651
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...
Hardcoded credentials
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...
CVE-2023-36651
Summary: CVE-2023-36651 affects ProLion CryptoSpike 3.0.15P2. The issue arises from hidden and hard-coded credentials that let remote attackers log in to web management as super-admin and access the most privileged REST API endpoints. The available sources consistently describe the vulnerability ...
CVE-2023-36651
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...
PT-2023-25655 · Prolion · Prolion Cryptospike
Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: The issue concerns hidden and hard-coded credentials in the software, allowing remote attackers to login to web management as a super-admin. This access enables the consumption of the most...
WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF
Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution. Submit the following form as a Super Admin notice that it does not contain a nonce. Despite the error,...
WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF
Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. 1. Ensure your WordPress...