Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
superuser vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-31240
Snap One OvrC Pro versions before 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.
Snapone Orvc
9.8
CVSSv3
CVE-2023-1778
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote malicious user to login as superuser by using default username/password via web-based management interface and/or ...
Gajshield Data Security Firewall Firmware
9.8
CVSSv3
CVE-2022-28812
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.
Gavazziautomation Cpy Car Park Server
Gavazziautomation Uwp 3.0 Monitoring Gateway And Controller Firmware
9.8
CVSSv3
CVE-2022-1668
Weak default root user credentials allow remote malicious users to easily obtain OS superuser privileges over the open TCP port for SSH.
Secheron Sepcos Control And Protection Relay Firmware
9.8
CVSSv3
CVE-2021-43035
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to...
Kaseya Unitrends Backup
9.8
CVSSv3
CVE-2021-37555
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem throug...
Trixie Tx9 Automatic Food Dispenser Firmware 3.2.57
9.8
CVSSv3
CVE-2021-28152
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
Hongdian H8922 Firmware 3.0.5
9.8
CVSSv3
CVE-2020-9409
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated malicious user to ob...
Tibco Jasperreports Server
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
9.8
CVSSv3
CVE-2019-11526
An issue exists in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the malicious user to write files with superuser privileges in specific locations.
Softing Uagate Si Firmware 1.60.01
9.8
CVSSv3
CVE-2018-1822
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an malicious user to gain administrative control or to deny service. ...
Ibm Flashsystem 900 Firmware 1.4
Ibm Flashsystem 840 Firmware 1.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »