Administrator

3 exploits Active since May 2018
CVE-2018-10734 WRITEUP CRITICAL WRITEUP
KONGTOP A303 A403 D303 D305 D403 Firmware - Unauthenticated Sensitive Information Exposure via Print_Password Function
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.
CVSS 9.8
CVE-2018-10734 WRITEUP CRITICAL WORKING POC
KONGTOP A303 A403 D303 D305 D403 Firmware - Unauthenticated Sensitive Information Exposure via Print_Password Function
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.
CVSS 9.8
CVE-2021-4246 WRITEUP MEDIUM WRITEUP
roxlukas LMeve < 0.1.61 - SQL Injection via X-Forwarded-For Header
A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176.
CVSS 6.3