Metasploit Exploits
3,299 exploits tracked across all sources.
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
by todb
PostgreSQL Database Name Command Line Flag Injection
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
by hdm
Cambium Networks ePMP - Improper Privilege Management via SNMP Community Strings
An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.
by Karn Ganeshen
CVSS 7.6
Cambium Networks cnPilot <4.3.2-R4 - Info Disclosure
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.
by Karn Ganeshen
CVSS 8.0
Router/FW - Info Disclosure
An account on a router, firewall, or other network device has a default, null, blank, or missing password.
Router/FW - Info Disclosure
An account on a router, firewall, or other network device has a default, null, blank, or missing password.
Arris Touchstone DG950A <7.10.131 - Info Disclosure
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request.
by Deral, Heiland
libssh Authentication Bypass Scanner
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
by Peter Winter-Smith, wvu
CVSS 9.1
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
by todb, RageLtMan
Juniper ScreenOS 6.2.0r15-6.2.0r18, 6.3.0r12-6.3.0r20 - Remote Admin Access via Hardcoded Password
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.
by hdm
CVSS 9.8
SSH Version Scanner
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
CVSS 3.7
Eaton Power Xpert Meter 4000, 6000, and 8000 Firmware < 13.4.0.10 - Use of Hard-coded SSH Private Key
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
by BrianWGray
CVSS 9.8
Fortinet <5.0.12 - Hardcoded Passphrase
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
CVSS 9.8
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by kenkeiras, Dariusz Tytko, Michal Sajdak, Qualys, wvu
CVSS 5.3
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
Winlog Pro < 2.07.17 - Unauthenticated Path Traversal via TCP Port 46824 File Operations
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.
by Luigi Auriemma, juan vazquez
InduSoft Web Studio <7.0+Patch 1 - Path Traversal
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.
by Unknown, juan vazquez
Moxa UDP Device Discovery
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.
CVSS 9.8
ColoradoFTP Server < 1.3 Build 8 - Path Traversal
A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP.
by h00die <[email protected]>, RvLaboratory
Konica Minolta FTP Utility 1.0 - Path Traversal
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
by Jay Turla, James Fitts
Titan FTP Server < 8.10.1125 - Authenticated Path Traversal via XCRC Command
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.
by jduck
BisonWare BisonFTP <3.5 - Path Traversal
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
by Jay Turla, James Fitts
Easy File Sharing FTP Server < 3.6 - Path Traversal
Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.
by Ahmed Elhady Mohamed
CVSS 7.5
PCMan's FTP Server <2.0.7 - Path Traversal
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
by Jay Turla, James Fitts
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
By Source