15 matches found
EUVD-2019-6722
Malware in sbrugna...
EUVD-2022-34173
Malicious code in bioql PyPI...
KbDevice digital video recorders security vulnerability
The KbDevice KB-AHR04D is an AHD hybrid recorder from KbDevice. A security vulnerability exists in KbDevice digital video recorders that stems from the fact that the product contains undocumented functionality that is not part of the specification and cannot be accessed through interfaces or...
CVE-2022-29855
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 5.1.0.8016 and earlier, and 6.0 6.0.0.368 through 6.1 HF4 6.1.0.165, could allow an unauthenticated...
SmartFoxServer 2X 2.17.0 Remote Code Execution
SmartFoxServer 2X 2.17.0 God Mode Console Remote Code Execution Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6 SmartFoxServer 2X, Pro, Basic Summary: SmartFoxServer SFS is a comprehensive SDK for rapidly developing...
CVE-2019-15804
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application e.g., through CTRL+\ via SSH. The access...
Improper access control
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fdssyspassDebugPasswdret. The...
CVE-2019-15803
The CVE-2019-15803 issue affects Zyxel GS1900 devices running firmware prior to 2.50(AAHH.0)C0. It stems from an undocumented keypress sequence that triggers a diagnostics shell via CTRL-ALT-t. The slider of access checks (fds_sys_remoteDebugEnable_ret in libfds.so) always returns TRUE, bypassing...
CVE-2019-15803
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fdssyspassDebugPasswdret. The...
CVE-2019-15804
CVE-2019-15804 affects Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending SIGQUIT to the CLI process (e.g., CTRL+\ via SSH), an undocumented menu can be triggered, exposing a "Password recovery for specific user" option. Access control blocks the menu, but it is believed to be r...
Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality
Cisco VoIP phones such as models 88XX suffer from script insertion, weak and hard-coded passwords, undocumented debug functionality, and various outdated components with known vulnerabilities. ======================================================================= title: Multiple Vulnerabilities...
Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Cisco VoIP Phones, e.g. models 88XX vulnerable version: See list of vulnerable devices/firmwares below fixed version: 12.5.1 MN CVE...
CVE-2017-10140
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...
CVE-2017-10140
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...
CVE-2017-10140
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...