Juplink RX4-1500 Hard-coded Credential Vulnerability
EIP-6a41336a Hard-coded credentials exist in Juplink RX4-1500, a WiFi router. An unauthenticated attacker can exploit this vulnerability to log in to the web interface or telnet
EIP-9f56ea7e A command injection exists in Juplink RX4-1500, a WiFi router. An authenticated attacker can exploit this vulnerability to achieve code execution as root.
EIP-57838768 A command injection vulnerability exists in Juplink RX4-1500, a WiFi router. An authenticated attacker can exploit this vulnerability to achieve code execution as root.
EIP-3fd79566 A credential disclosure vulnerability exists in Juplink RX4-1500, a WiFi router. An authenticated attacker can exploit this vulnerability to achieve code execution as root.
EIP-b5185f25 A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router. An authenticated attacker can exploit this vulnerability to achieve code execution as root.
EIP-ad32d249 A local privilege escalation vulnerability exists in the CloudLinux Lightweight Virtualized Environment (LVE) kernel module due to an overflow of a reference counter. Successful exploitation
EIP-6a6472ab A remote code execution vulnerability exists in SonicWall SMA 100 Series and SMA 500v Series due to a heap buffer overflow in the ‘extensionsetting’
EIP-50a1e402 An information disclosure vulnerability exists in Schneider Electric SoMachine HVAC due to a method in the ‘AxEditGrid3.ocx’ ActiveX control leaking a heap address of
EIP-9098806c A vulnerability exists within the httpd server of the TP-Link WA850RE Universal Wi-Fi Range Extender that allows remote unauthenticated attackers to download the configuration
EIP-7758d2d4 A vulnerability exists within the httpd server of the TP-Link WA850RE Universal Wi-Fi Range Extender that allows authenticated attackers to inject arbitrary commands as
EIP-9ad27c94 An uninitialized pointer vulnerability exists within TP-Link’s WR940N and WR941ND SOHO router devices specifically during the processing of UPnP/SOAP SUBSCRIBE requests. Successful exploitation allow
EIP-c4542e4d A stack-based buffer overflow vulnerability exists within multiple Mitel product web management interfaces, including the 3300 Controller and MiVoice Business product lines. Improper handling
EIP-0077b802 A type confusion vulnerability exists within SalesAgility SuiteCRM within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated
EIP-0f5d2d7f A SQL injection vulnerability exists within SalesAgility SuiteCRM within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated
EIP-3b20d7b3 A command injection vulnerability exists within the web management interface of the D-Link DIR-1260 Wi-Fi router that allows for unauthenticated attackers to execute arbitrary
EIP-b4311e44 A vulnerability exists within Advantech iView SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability
EIP-d835f368 A vulnerability exists within Advantech iView SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability
EIP-626345ce A vulnerability exists within Advantech iView SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability
EIP-62f7da8c A vulnerability exists within Advantech iView SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability
EIP-824d14ae A vulnerability exists within Advantech iView SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability
EIP-db4e064b A stack-based buffer overflow vulnerability exists within Xerox DocuShare. Exploitation of the vulnerability allows for attackers to execute arbitrary code with system privileges. The
EIP-c728d1ef A stack-based buffer overflow vulnerability exists within Xerox DocuShare. Exploitation of the vulnerability allows for attackers to execute arbitrary code with system privileges. The
EIP-6185db3e A stack-based buffer overflow vulnerability exists within Xerox DocuShare. Exploitation of the vulnerability allows for attackers to execute arbitrary code with system privileges. The
EIP-521a3b40 A cross-site request forgery vulnerability exists within the ZyXEL Armor Z1 AC2350 and Z2 AC2600 series. Exploitation of the vulnerability allows for attackers to
EIP-c624ba9f A command-injection vulnerability exists within the ZyXEL Armor Z1 AC2350 series. The vulnerable endpoint is within the ‘photobak’ component found in the cgi-bin. Exploitation
EIP-1a8a439f A vulnerability exists in Zlibc that allows a local attacker to execute arbitrary code with elevated privileges through manipulation of the LD_ZLIB_CONFFILE and LD_ZLIB_UNCOMPRESSOR
EIP-55f127ea A vulnerability exists within Arris SURFboard’s handling of Simple Service Discovery Protocol (SSDP) messages. A specially crafted NOTIFY message with a LOCATION header can
EIP-7d4ec9e3 Several versions of LiveAction LiveNX network monitoring software contain Amazon Web Services (AWS) credentials. These credentials have privileged access to the LiveAction AWS infrastructure. A
EIP-0e1ca3ec A vulnerability exists within UltraVNC’s “vncviewer.exe” client. A malicious server can trigger an arbitrary memory write condition through a flaw in the function ClientConnection::SolidColor
EIP-0e1ca3ec A vulnerability exists within UltraVNC’s “vncviewer.exe” client. Specifically a malicious server may write arbitrary data to arbitrary memory locations through the in the “rfbServerInitMsg”
EIP-930b0ea5 A vulnerability exists within UltraVNC’s “vncviewer.exe” client. Specifically, a heap overflow can be triggered in the “ClientConnection::ReadUltraRect” function upon decompression of maliciously formatted data
EIP-5182fb5b A vulnerability exists within UltraVNC view due to a lack of proper stack memory buffer cleanup before constructing the ‘rfbTextChat’ message, which results in
EIP-852fe633 An arbitrary file read vulnerability has been found in NEC EXPRESSCLUSTER X that can allow an attacker to read files off the target system.
EIP-d8554689 An arbitrary file upload vulnerability has been found in NEC EXPRESSCLUSTER X. WebManager (clpwebmc.exe) is a webserver tasked with providing remote administrative access, it
EIP-9eccc486 A remote command execution vulnerability has been found in NEC EXPRESSCLUSTER X. WebManager (clpwebmc.exe) is a webserver tasked with providing remote administrative access, it
EIP-2ba7cebd A stack-based buffer overflow has been found in NEC EXPRESSCLUSTER X that can lead to remote arbitrary code execution with full SYSTEM privileges. The
EIP-5f2cf48c A stack-based buffer overflow has been found in NEC EXPRESSCLUSTER X that can lead to remote arbitrary code execution with full SYSTEM privileges. The
EIP-fba18752 A stack-based buffer overflow has been found in NEC EXPRESSCLUSTER X that can lead to remote arbitrary code execution with full SYSTEM privileges. The
EIP-8b0cfb43 A stack-based buffer overflow has been found in NEC EXPRESSCLUSTER X that can lead to remote arbitrary code execution with full SYSTEM privileges. The
EIP-ff1ca610 A stack-based buffer overflow has been found in NEC EXPRESSCLUSTER X that can lead to remote arbitrary code execution with full SYSTEM privileges. The
EIP-d3400c52 The Serv-U File Server supports site specific commands which may not be universally supported by all FTP clients. Among these is the SITE EXEC command
EIP-035220ca The vulnerability affects both Data Loss Prevention (DLP) Endpoint for Windows and the DLP Discover products from McAfee. The vulnerability is present within the included
EIP-47ea5148 A heap buffer overflow vulnerability exists in the IA32.api module of Adobe Acrobat and Acrobat Reader DC. Upon parsing a specially crafted PDF document
EIP-884255a1 The vulnerability exists within an RPC interface listening on TCP port 6000, exposed by Foxit PhantomPDF. The ConvertToPDF method of the Creator object does
EIP-adf3136a The vulnerability exists within an RPC interface listening on TCP port 6000, exposed by Foxit PhantomPDF. The CombineFiles method of the Creator object does
EIP-68b878c6 The vulnerability exists within the ConnectedPDF service, implemented by the FoxitPhantomConnectedPDFService.exe binary. The service listens for connections on TCP port 44440 on localhost and
EIP-962d432f The vulnerability exists within the ConnectedPDF service, implemented by the FoxitPhantomConnectedPDFService.exe binary. The service listens for connections on TCP port 44440 on localhost and
EIP-6eceec3d The vulnerability exists within the ConnectedPDF service, implemented by the FoxitPhantomConnectedPDFService.exe binary. The service listens for connections on TCP port 44440 on localhost and
EIP-a5cba843 The vulnerability exists within the JavaScript PDF API exposed by Foxit PhantomPDF. The extractPages method of the Document object does not properly validate the
EIP-617871b4 The vulnerability exists within the JavaScript PDF API exposed by Foxit PhantomPDF. The loadHtmlView method of the app object invokes attacker-controlled JavaScript code in