406 matches found
CVE-2019-14222
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker...
Design/Logic Flaw
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker...
Dynacolor FCM-MB40 Trust Management Issues Vulnerability
Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan, China. A security vulnerability exists in the Dynacolor FCM-MB40 v1.2.0.0, which originates from the program storing web-based administrative credentials in plaintext in /etc/appWeb/appweb.pass. An attacker could exploit the vulnerability...
CVE-2018-16553
In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin...
Remote code execution
In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin...
Percona Server Authorization Issues Vulnerability
Percona Server is an open source relational database management system. An authorization issue vulnerability exists in Percona Server version 5.6.44-85.0-1 Debian and Ubuntu. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a networked...
50m-ctf: Weak credentials, Blind SQLi, Timing attack, that leads to web admin access
Summary: Discovery of the application: The h1Thermostat application was discovered by extracting the bit.do URL from the image at https://pbs.twimg.com/media/D0XoThpW0AE2r8S.png:large. The URL https://bit.do/h1therm then led to a Google Drive where the Android application file h1thermostat.apk...
CVE-2018-20219
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code...
Cisco Unified Communications Manager Information Disclosure Vulnerability (CNVD-2019-01372)
Cisco Unified Communications Manager is the powerful call processing component of the Cisco Unified Communications solution. It is a scalable, distributable, and highly available enterprise Voice over IP call processing solution. An information disclosure vulnerability exists in the web-based...
Mongo Web Admin Information Disclosure
An information disclosure vulnerability exists in Mongo Web Admin. Successful exploitation of this vulnerability could allow a remote attacker to access a restricted file...
Mongo Web Admin 6.0 - Information Disclosure
Mongo Web Admin 6.0 - Information Disclosure Exploit Title: Mongo Web Admin 6.0 - Information Disclosure Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mongoadmin.org/ Software Link:...
Mongo Web Admin 6.0 Information Disclosure
Exploit Title: Mongo Web Admin 6.0 - Information Disclosure Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mongoadmin.org/ Software Link: https://netix.dl.sourceforge.net/project/mongo-web-admin/mongoDesktopAdminSetup-beta-6.exe Version: 6.0 Category: Webapps...
Mitel MiVoice Office 400 web admin component cross-site scripting vulnerability
Mitel MiVoice Office 400 is a small and medium-sized business communications solution from Mitel Canada. The product includes features such as video conferencing, voice calls, etc. Web admin is one of the web-based management components. A cross-site scripting vulnerability exists in the web admi...
CVE-2018-16226
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 v8839a1 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow th...
Cross site scripting
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 v8839a1 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow th...
CVE-2018-16226
Affected product: Mitel MiVoice Office 400 web admin component. Vulnerability: reflected cross-site scripting (XSS) due to insufficient validation on the start.asp page in versions R5.0 HF3 (v8839a1) and earlier. Impact: unauthenticated attacker could execute arbitrary scripts and access sensitiv...