Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2022/02/28 12:0 a.m.315 views

WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation

Exploit Title: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation Date: 02/16/2022 Exploit Author: Momen Eldawakhly Cyber Guy at Cypro AB Vendor Homepage: https://www.wago.com Version: Firmware version 03.05.1017 Tested on: PopOS! Linux CVE : CVE-2021-46388...

0.7AI score
Exploits2
Packet Storm
Packet Storm
added 2022/02/23 12:0 a.m.315 views

Backdoor.Win32.Acropolis.10 Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c3e2bbe5dca96687422f2b4e8c80f4ce.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Acropolis.10 Vulnerability: Insecure Permissions Description: The malware writes a PE...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.315 views

Ab Stealer Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9e44c10307aa8194753896ecf8102167.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ab Stealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The "Ab...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/16 12:0 a.m.315 views

Aruba Instant 8.7.1.0 Arbitrary File Modification

Exploit Title: Aruba Instant 8.7.1.0 - Arbitrary File Modification Date: 15/07/2021 Exploit Author: Gr33nh4t Vendor Homepage: https://www.arubanetworks.com/ Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Aruba Instant 6.5.x: 6.5.4.18 and below Aruba Instant 8.3.x: 8.3.0.14 and below Aru...

8.5CVSS0.2AI score0.13312EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/07/06 12:0 a.m.315 views

Billing System Project 1.0 Shell Upload

Exploit Title: Billing System Project 1.0 - Remote Code Execution RCE Unauthenticated Date: 06.07.2021 Exploit Author: Talha DEMİRSOY Software Link: https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html Version: V 1.0 Tested on: Linux & Windows import...

Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.315 views

Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE CVE-2021-1499', 'Description' = %q This module exploits an unauthenticated fi...

5CVSS0.3AI score0.80426EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/05/07 12:0 a.m.315 views

Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation

Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation Vendor: Epic Games, Inc. Product web page: https://www.epicgames.com https://www.easy.ac Affected version: 4.0.0.0 Summary: Easy Anti-Cheat is the industry-leading anti–cheat service, countering hacking and cheating in multiplayer PC games...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/07 12:0 a.m.315 views

Human Resource Information System 0.1 Remote Code Execution

Exploit Title: Human Resource Information System 0.1 - Remote Code Execution Unauthenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2021/04/05 12:0 a.m.315 views

Trojan.Win32.Sharer.h Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Sharer.h Vulnerability: Anonymous Logon RCE Description: Sharer.h by GOLDSWORD -...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/19 12:0 a.m.315 views

Online News Portal 1.0 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: Online News Portal | Stored XSS + CSRF Example Exploit Author: Richard Jones Date: 2021-03-18 Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/19 12:0 a.m.315 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

Exploits0
Packet Storm
Packet Storm
added 2021/01/21 12:0 a.m.315 views

Backdoor.Win32.WinShell.30 Remote Stack Buffer Overflow / Missing Authentication

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/56a2b135c8d35561ea5b04694155eb77.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.30 Vulnerability: Remote Stack Buffer Overflow / Missing Authentication...

1.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/07 12:0 a.m.315 views

H2 Database 1.4.199 JNI Code Execution

Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Date: 28 April 2020 Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/08 12:0 a.m.315 views

Quick Player 1.3 Buffer Overflow

Exploit Title: Quick Player 1.3 - '.m3l' Buffer Overflow Unicode & SEH Date: 2020-06-05 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof of Concept: 1.- Run the python script "poc.py", it will create a new...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/17 12:0 a.m.315 views

Microsoft Windows Internet Settings Security Feature Bypass

Exploit Title: Microsoft Windows 'Internet Settings' Misconfiguration Security Feature Bypass Vulnerability Google Dork: N/A Date: September, 17 2019 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: Windows 7 SP1, 8.0...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/10/12 12:0 a.m.315 views

CAMALEON CMS 2.4 Cross Site Scripting

Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernability Type : Cross-site Scripting...

6.3AI score0.01049EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/10/14 12:0 a.m.314 views

ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection

ABB Cylon Aspect 3.08.00 yumSettings.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/02 12:0 a.m.314 views

SPIP 4.2.7 Code Execution

============================================================================================================================================= | Title : SPIP 4.2.7 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.314 views

NTP Clock Variables Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Clock Variables Disclosure', 'Description' = %q This module reads the system internal NTP variables. These variables contain potentially...

5CVSS6.7AI score0.97549EPSS
Exploits23
Packet Storm
Packet Storm
added 2024/08/29 12:0 a.m.314 views

Online Bus Ticketing 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : Online Bus Ticketing v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/04 12:0 a.m.314 views

Helmholz Industrial Router REX100 / MBConnectline mbNET.mini 2.2.11 Command Injection

CyberDanube Security Research 20240703-0 ------------------------------------------------------------------------------- title| Authenticated Command Injection product| Helmholz Industrial Router REX100 | MBConnectline mbNET.mini vulnerable version| = 2.2.11 fixed version| 2.2.13 CVE number|...

7.2CVSS7.1AI score0.0122EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/05/06 12:0 a.m.314 views

Systemd Insecure PTY Handling

Systemd Insecure PTY Handling Vulnerability =========================================== CVSSv3.BaseScore: 5.8 CVSSv3.Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N Short Description ================= Systemd-run/run0 allocates user-owned pty's and attaches the slave to high privilege programs withou...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/11 12:0 a.m.314 views

Numbas Remote Code Execution

Exploit Title: Numbas v7.3 - Remote Code Execution Google Dork: N/A Date: March 7th, 2024 Exploit Author: Matheus Boschetti Vendor Homepage: https://www.numbas.org.uk/ Software Link: https://github.com/numbas/Numbas Version: 7.2 and below Tested on: Linux CVE: CVE-2024-27612 import sys, requests,...

7.4AI score0.10706EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/03/04 12:0 a.m.314 views

XAMPP 5.6.40 SQL Injection

Exploit Title: XAMPP - Error Based SQL Injection Date: 02/2024 Exploit Author: Andrey Stoykov Version: 5.6.40 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Steps to Reproduce: 1. Login to phpmyadmin 2. Visit Export New Template test Create 3. Navigate to "Existing Templates" 4...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/24 12:0 a.m.314 views

User Registration And Login And User Management System 3.0 Cross Site Scripting

Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting XSS Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/23 12:0 a.m.314 views

FAST TECH CMS 1.0 SQL Injection

==================================================================================================================================== | Title : FAST TECH CMS v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 73.0.132-bit | ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.314 views

Crypto Currency Tracker (CCT) 9.5 Add Administrator

Exploit Title: Crypto Currency Tracker CCT - Admin Account Creation Unauthenticated Date: 11.08.2023 Exploit Author: 0xBr Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008 Version: =9.5 CVE: CVE-2023-37759 POST /en/user/register HTTP...

7.1AI score0.03564EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.314 views

Rocket LMS 1.7 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.314 views

ACJWEB DESIGNER 1.0 Cross Site Scripting

======================================================================================| | Title : ACJWEB DESIGNER v 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | | Vendor : [email protected] | | Drok :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/15 12:0 a.m.314 views

projectSend r1605 Cross Site Scripting

Exploit Title: projectSend r1605 - Stored XSS Application: projectSend Version: r1605 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & P...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/12 12:0 a.m.314 views

Anevia Flamingo XL/XS 3.6.x Default / Hardcoded Credentials

Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.20, 3.2.9 Hardware revision 1.1, 1.0 SoapLive 2.4.1, 2.0.3 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/22 12:0 a.m.314 views

eBankIT 6 Arbitrary OTP Generation

CVE-2023-33291 Description In eBankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email address or phone number without validation. ------------------------------------------ Additional Information The cookies in the...

7.1AI score0.00889EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/03/09 12:0 a.m.314 views

Wondershare Dr Fone 12.9.6 Weak Permissions / Privilege Escalation

Executive Summary: Product Name: Wondershare Dr. Fone Vendor Home Page: https://drfone.wondershare.com Affected Versions: Dr Fone version 12.9.6 Vulnerability Type: Execution with Unnecessary Privileges CWE-250 CVE Reference: CVE-2023-27010. Credit: Thurein Soe Vendor Description: Wondershare Dr...

0.2AI score0.01016EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/06 12:0 a.m.314 views

Purchase Order Management 1.0 Cross Site Scripting

Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/03 12:0 a.m.314 views

Barracuda CloudGen WAN OS Command Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Injection product: Barracuda CloudGen WAN vulnerable version: v8. hotfix 1089 fixed version: v8. with hotfix webui-sdwan-1089-8.3.1-174141891 or above version...

0.5AI score0.07878EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/01/23 12:0 a.m.314 views

AmazCart Laravel Ecommerce System CMS 3.4 Cross Site Scripting

Exploit Title: AmazCart - Laravel Ecommerce System CMS 3.4 - 'Search' Cross-Site-Scripting — Reflected AJAX Date: 17/01/2023 Exploit Author: Sajibe Kanti CVE ID: Vendor Name: CodeThemes Vendor Homepage: https://spondonit.com/ Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/19 12:0 a.m.314 views

WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting

Exploit Title: WordPress Plugin ‘GetYourGuide Ticketing’ - Stored Cross-Site Scripting Date: 18-09-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/search/GetYourGuide+Ticketing/ Version: 1.0.1 Tested on: Firefox Contact me: [email protected]...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/21 12:0 a.m.314 views

Kite 1.2021.610.0 Unquoted Service Path

Exploit Title: Kite 1.2021.610.0 - Unquoted Service Path Date: 2020-11-6 Exploit Author: Ghaleb Al-otaibi Vendor Homepage: https://www.kite.com/ Version: Version 4.2.0.1 U1 Tested on: Microsoft Windows 10 Pro - 10.0.19044 N/A Build 19044 CVE : NA Service info: C:\Windows\system32\cmd.exesc qc...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/06/20 12:0 a.m.314 views

Sourcegraph Gitserver 3.36.3 Remote Code Execution

Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...

8.8CVSS0.7431EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/04/05 12:0 a.m.314 views

Multi Store Inventory Management System 1.0 Information Disclosure

Exploit Title: Multi Store Inventory Management System - Information Disclosure Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.bdtask.com/ Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/ Version: 1.0...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/28 12:0 a.m.314 views

Razer Synapse 3.6.x DLL Hijacking

Advisory ID: SYSS-2021-058 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions prior to 3.7.0228.022817 Tested Versions: 3.6.0920.091710, 3.6.1010.101113, 3.6.1018.101823, 3.6.1130.111217, 3.6.1201.111814, 3.7.0131.011810 Vulnerability Type: Improper Privilege Management...

0.3AI score0.00889EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/03/04 12:0 a.m.314 views

Backdoor.Win32.RemoteNC.beta4 Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/2862de561d91eedb265df4ae9b0fc872.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemoteNC.beta4 Vulnerability: Unauthenticated Remote Command Execution Description: T...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.314 views

WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection

Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...

9.8CVSS0.2AI score0.78812EPSS
Exploits7
Packet Storm
Packet Storm
added 2021/10/04 12:0 a.m.314 views

Vehicle Service Management System 1.0 SQL Injection

Exploit Title: Vehicle Service Managment 1.0 - SQL Injection Error Based Date: 2021-10-02 Exploit Author: RICHARD JONES Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/21 12:0 a.m.314 views

Vehicle Parking Management System 1.0 Cross Site Scripting

Exploit Title: Vehicle Parking Management System - Stored Cross-Site-Scripting XSS Date: 2021-07-09 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/11 12:0 a.m.314 views

Backdoor.Win32.Zombam.gen Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Unauthenticated URL Command Injection Description: Zombam...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/29 12:0 a.m.314 views

Project Expense Monitoring System 1.0 SQL Injection

Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/22 12:0 a.m.314 views

Trojan-Dropper.Win32.Demp.rft Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/db01783710e0c5aff92156a0e76deade.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Demp.rft Vulnerability: Insecure Permissions Description: The specimen creates ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/21 12:0 a.m.314 views

SCO Openserver 5.0.7 Cross Site Scripting

Exploit Title: SCO Openserver 5.0.7 - 'section' Reflected XSS Google Dork: inurl:/cgi-bin/manlist?section Discovered Date: 14/06/2020 Author: Ramikan Vendor Homepage: https://www.xinuos.com/products Software Link: https://www.sco.com/products/openserver507/-overview Affected Version: Tested on...

6.3AI score0.08142EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/10/31 12:0 a.m.314 views

Carel pCOWeb HVAC Insecure Credential Storage

Advisory: Unsafe Storage of Credentials in Carel pCOWeb HVAC The Carel pCOWeb card stores password hashes in the file "/etc/passwd", allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored. Details ======= Product: HVAC units using the OEM...

10CVSS9.4AI score0.07058EPSS
Exploits2
Total number of security vulnerabilities5000