24 matches found
EUVD-2019-6608
Malware in sbrugna...
EUVD-2002-0393
Malware in sbrugna...
CVE-2023-2993
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...
CVE-2019-15654
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login...
CVE-2019-15656
D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of usernamev and passwordv variables...
Solar-Log 1000 安全漏洞
Solar-Log 1000 is a solar photovoltaic data logger from the German company Solar-Log. A security vulnerability exists in Solar-Log 1000 prior to version 2.8.2 Build 52, which stems from the presence of a False Privilege Modification vulnerability that could allow an attacker to gain administrativ...
CVE-2023-37364
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152...
Design/Logic Flaw
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...
CVE-2023-2993
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...
CVE-2023-2993
Summary of CVE-2023-2993 (Mode C) CVE-2023-2993 affects Lenovo ThinkSystem components including SMM v1, SMM v2, and FPC. The vulnerability arises from authenticated, limited-privilege users being able to craft web management server API calls that execute a limited number of commands that the user...
CVE-2023-2993
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...
PT-2023-22482 · Fpc +1 · Fpc +1
Name of the Vulnerable Software and Affected Versions: SMM versions 1 and 2 FPC affected versions not specified Description: A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands that the...
NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability
Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server...
CVE-2022-23158
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server...
ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure
Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The unprotected web management server is vulnerable to sensitive...
D-Link DSL-2875AL Information Disclosure Vulnerability (CNVD-2020-18994)
The D-Link DSL-2875AL is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DSL-2875AL prior to version 1.00.05. The vulnerability can be exploited by an attacker to obtain a password by sending a simple /romfile.cfg request to the web management...
CVE-2019-15654
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login...
Design/Logic Flaw
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login...
Information disclosure
D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of usernamev and passwordv variables...
CVE-2019-15655
D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext...