Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27144 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. | |||||
| CVE-2021-27165 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials. | |||||
| CVE-2021-27166 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon. | |||||
| CVE-2021-27167 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so. | |||||
| CVE-2021-27168 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account. | |||||
| CVE-2021-27169 | 1 Fiberhome | 2 An5506-04-fa, An5506-04-fa Firmware | 2021-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account. | |||||
| CVE-2021-27170 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. | |||||
| CVE-2021-27171 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell). | |||||
| CVE-2021-27172 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh. | |||||
| CVE-2021-27177 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server. | |||||
| CVE-2020-11920 | 1 Svakom | 2 Siime Eye, Siime Eye Firmware | 2021-02-11 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root). | |||||
| CVE-2019-12519 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow. | |||||
| CVE-2021-27164 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP. | |||||
| CVE-2021-27163 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP. | |||||
| CVE-2021-27162 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP. | |||||
| CVE-2021-27161 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP. | |||||
| CVE-2021-27160 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP. | |||||
| CVE-2021-27159 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP. | |||||
| CVE-2021-27158 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP. | |||||
| CVE-2021-27157 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP. | |||||
| CVE-2021-27156 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface. | |||||
| CVE-2021-27154 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP. | |||||
| CVE-2021-27155 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP. | |||||
| CVE-2021-27153 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP. | |||||
| CVE-2021-27152 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP. | |||||
| CVE-2021-27151 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP. | |||||
| CVE-2021-27150 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP. | |||||
| CVE-2021-27149 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP. | |||||
| CVE-2021-27148 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP. | |||||
| CVE-2021-27147 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP. | |||||
| CVE-2021-27146 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP. | |||||
| CVE-2021-27145 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP. | |||||
| CVE-2020-26051 | 1 College Management System Project | 1 College Management System | 2021-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query. | |||||
| CVE-2020-6649 | 1 Fortinet | 1 Fortiisolator | 2021-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | |||||
| CVE-2020-16629 | 1 Phpok | 1 Phpok | 2021-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | |||||
| CVE-2019-18655 | 1 Upredsun | 1 File Sharing Wizard | 2021-02-10 | 10.0 HIGH | 9.8 CRITICAL |
| File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331. | |||||
| CVE-2020-15690 | 1 Nim-lang | 1 Nim | 2021-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. | |||||
| CVE-2021-3122 | 1 Ncr | 1 Command Center Agent | 2021-02-09 | 10.0 HIGH | 9.8 CRITICAL |
| CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain "misconfiguration." | |||||
| CVE-2019-12524 | 3 Canonical, Debian, Squid-cache | 3 Ubuntu Linux, Debian Linux, Squid | 2021-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource. | |||||
| CVE-2021-26754 | 1 Wpdatatables | 1 Wpdatatables | 2021-02-09 | 10.0 HIGH | 9.8 CRITICAL |
| wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. | |||||
| CVE-2020-15692 | 1 Nim-lang | 1 Nim | 2021-02-08 | 10.0 HIGH | 9.8 CRITICAL |
| In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands. | |||||
| CVE-2020-18717 | 1 Zzzcms | 1 Zzzphp | 2021-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | |||||
| CVE-2020-10857 | 1 Zulip | 1 Zulip Desktop | 2021-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution. | |||||
| CVE-2020-7775 | 1 Freediskspace Project | 1 Freediskproject | 2021-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. | |||||
| CVE-2021-3401 | 1 Bitcoin | 1 Bitcoin | 2021-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited." | |||||
| CVE-2021-1294 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2021-02-08 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2021-1295 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2021-02-08 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2021-1290 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2021-02-08 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2021-1291 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2021-02-08 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2021-1292 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2021-02-08 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||