Lucene search
+L

61 matches found

Exploit DB
Exploit DB
added 2021/06/03 12:0 a.m.259 views

CHIYU IoT Devices - 'Telnet' Authentication Bypass

Exploit Title: CHIYU IoT Devices - 'Telnet' Authentication Bypass Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, and SEMAC - all firmware...

9.8CVSS9.7AI score0.35714EPSS
Exploits5
ATTACKERKB
ATTACKERKB
added 2021/03/23 7:15 a.m.3 views

CVE-2021-29081

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753...

8.4CVSS8.3AI score0.00435EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/03 12:0 a.m.9 views

Access Control Error Vulnerability in Multiple Cisco Products

Cisco RV016 Multi-WAN VPN Router is a VPN Virtual Private Network router. RV042 Dual WAN VPN Router is a VPN Virtual Private Network router. The RV042G Dual Gigabit WAN VPN Router is a VPN Virtual Private Network router. An access control error vulnerability exists in the Cisco Small Business...

9CVSS7.4AI score0.02753EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2021/01/07 12:14 p.m.40 views

Extracting Personal Information from Large Language Models Like GPT-2

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: "Extracting Training Data from Large Language Models." Abstract: It has become common to publish large...

1.9AI score
Exploits0
CNNVD
CNNVD
added 2020/12/29 12:0 a.m.7 views

Certain NETGEAR devices Information Disclosure Vulnerability

Netgear NETGEAR is a router from the American company Netgear. It is a hardware device that connects two or more networks and acts as a gateway between networks. Certain NETGEAR devices are vulnerable to an information disclosure vulnerability that affects the following products and versions: D62...

4.4CVSS5.8AI score0.00311EPSS
Exploits0References2
CNVD
CNVD
added 2020/04/23 12:0 a.m.4 views

NETGEAR R8500 and R8300 Buffer Overflow Vulnerability (CNVD-2020-31334)

The NETGEAR R8500 and NETGEAR R8300 are both wireless routers from NETGEAR. A buffer overflow vulnerability exists in the NETGEAR R8300 prior to version 1.0.2.104 and the R8500 prior to version 1.0.2.104. The vulnerability arises when a network system or product performs an operation in memory...

6.8CVSS7.3AI score0.00509EPSS
Exploits0References1
OSV
OSV
added 2020/04/15 4:15 p.m.6 views

CVE-2020-11782

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10...

4.8CVSS5.8AI score0.00482EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/21 12:0 a.m.4 views

Multiple TRENDnet Products OS Command Injection Vulnerabilities

The TRENDnet TEW-651BR, among others, is a wireless router from TRENDnet. An operating system command injection vulnerability exists in the TRENDnet TEW-651BR version 2.04B1, TEW-652BRP version 3.04b01, and TEW-652BRU version 1.00b12. The vulnerability stems from the failure of a network system o...

10CVSS8AI score0.0304EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2018/10/05 9:23 p.m.151 views

Sony Smart TV Bug Allows Remote Access, Root Privileges

As the number of smart TVs grows, so does the number of vulnerabilities inside of them. On Thursday, security researchers revealed that eight Sony Bravia smart TV models are vulnerable to three separate bugs, one rated critical. The flaws – a stack buffer overflow, a directory traversal and a...

8.3CVSS8.3AI score0.00913EPSS
Exploits0References7
Exploit DB
Exploit DB
added 2018/02/01 12:0 a.m.29 views

Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access

STX Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis November 2017 PoC: https://github.com/mcw0/PoC Python...

7.4AI score
Exploits0
NVD
NVD
added 2017/04/12 10:59 a.m.20 views

CVE-2017-7588

On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW...

10CVSS9.4AI score0.33584EPSS
Exploits4References2
Cvelist
Cvelist
added 2017/04/12 10:0 a.m.25 views

CVE-2017-7588

On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW...

9.4AI score0.33584EPSS
Exploits4References2
Packet Storm
Packet Storm
added 2017/04/12 12:0 a.m.77 views

Brother MFC-J6520DW Password Change Authentication Bypass

ASCII hex -- md5 e.g. AuthCookie=c243a9ee18a9327bfd419f31e75e71c7 for 'test' password This information can be used to crack current password from exported cookie. Fix: Minimize network access to Brother MFC device or disable HTTPS interface. Confirmed vulnerable: MFC-J6973CDW MFC-J4420DW MFC-8710...

9.7AI score0.33584EPSS
Exploits4
exploitpack
exploitpack
added 2017/04/11 12:0 a.m.48 views

Brother MFC-J6520DW - Authentication Bypass Password Change

Brother MFC-J6520DW - Authentication Bypass Password Change ASCII hex -- md5 e.g. AuthCookie=c243a9ee18a9327bfd419f31e75e71c7 for 'test' password This information can be used to crack current password from exported cookie. Fix: Minimize network access to Brother MFC device or disable HTTPS...

10CVSS9.7AI score0.33584EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/04/11 12:0 a.m.91 views

Brother MFC-J6520DW - Authentication Bypass / Password Change

ASCII hex -- md5 e.g. AuthCookie=c243a9ee18a9327bfd419f31e75e71c7 for 'test' password This information can be used to crack current password from exported cookie. Fix: Minimize network access to Brother MFC device or disable HTTPS interface. Confirmed vulnerable: MFC-J6973CDW MFC-J4420DW MFC-8710...

10CVSS9.6AI score0.33584EPSS
Exploits4
0day.today
0day.today
added 2016/04/27 12:0 a.m.144 views

RomPager 4.34 - Misfortune Cookie Router Authentication Bypass

Exploit for hardware platform in category web applications Title: Misfortune Cookie Exploit RomPager = 4.34 router authentication remover Date: 17/4/2016 CVE: CVE-2015-9222 http://mis.fortunecook.ie Vendors: ZyXEL,TP-Link,D-Link,Nilox,Billion,ZTE,AirLive,... Vulnerable models:...

7.8AI score0.63748EPSS
Exploits12
OpenVAS
OpenVAS
added 2015/06/17 12:0 a.m.127 views

Apexis IP CAM Information Disclosure Vulnerability (Jun 2016) - Active Check

Apexis IP Cameras are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7AI score
Exploits0References2
Nmap
Nmap
added 2013/10/17 11:41 p.m.327 views

http-dlink-backdoor NSE Script

Detects a firmware backdoor on some D-Link routers by changing the User-Agent to a "secret" value. Using the "secret" User-Agent bypasses authentication and allows admin access to the router. The following router models are likely to be vulnerable: DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S,...

10CVSS9.7AI score0.99448EPSS
Exploits33
securityvulns
securityvulns
added 2013/08/05 12:0 a.m.338 views

HP LaserJet Pro printers remote admin password extraction

Some of the networked HP LaserJet printers have hidden URLs hardcoded in the firmware. The URLs are not authenticated and can be used to extract admin password in plaintext v among other information like WiFi settings including WPS PIN. Models affected: HP LaserJet Pro P1102w, HP LaserJet Pro...

Exploits0
The Hacker News
The Hacker News
added 2012/12/15 4:44 p.m.14 views

Cisco VoIP phone vulnerability allow eavesdropping remotely

Cui, a fifth year grad student from the Columbia University Intrusion Detection Systems Lab and co-founder of Red Balloon Security, has demonstrated an attack on common Cisco-branded Voice over IP VoIP phones that could easily eavesdrop on private conversations remotely. The vulnerability Cui...

7.8AI score
Exploits0
Rows per page
Query Builder