60 matches found
CVE-2024-47656
This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute-force attack on the password, which could lead to unauthorized access to other user...
CVE-2024-47656
CVE-2024-47656 affects the Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API-based login. A remote attacker could perform a brute-force password attack and potentially gain unauthorized access to other user accounts. Several connected sources indicate aff...
CVE-2024-47656 User Enumeration vulnerability
This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute-force attack on the password, which could lead to unauthorized access to other user...
Shilpi Client Dashboard Security Vulnerability
Shilpi Client Dashboard is a centralized dashboard from Shilpi. A security vulnerability exists in Shilpi Client Dashboard versions prior to 9.7.0, which stems from a lack of limitations on incorrect login attempts for API logins, which could lead to unauthorized access to other user accounts...
CVE-2024-47088
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute-force attack on the login OTP, which could lead to unauthorized access to...
CVE-2024-47088
CVE-2024-47088 affects Apex Softcell LD Geo and stems from missing restrictions on excessive failed authentication attempts via its API login, enabling brute-force attempts on login OTP. Public sources (NVD/Red Hat/CVE List) describe a high-severity impact (unauthorized access possible; CVSS scor...
CVE-2024-45790 User Enumeration vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute-force attack against legitimate user passwords, which could lead to...
NetIQ Advanced Authentication Brute Force Vulnerability
NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A brute force vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which stems from not...
CVE-2021-22530
A vulnerability was identified in NetIQ Advance Authentication, which doesn't enforce account lockout when a brute-force attack is performed on the API-based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authenticati...
CVE-2021-22530
CVE-2021-22530 affects NetIQ Advance Authentication and describes a brute-force risk on the API login that does not enforce account lockout. Affected are versions prior to 6.3.5.1. Potential impact includes user account compromise and possible server performance degradation. Remediation per the c...
CVE-2023-5830
A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack...
CVE-2023-27742
IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login...
App Layering - (400) Bad Request with ImportOsLayer.ps1
ImportOsLayer.ps1 script PS C:\windows\Setup\Scripts .\ImportOsLayer.ps1 -ElmAddress -IgnoreCertError ModuleType Version Name ExportedCommands ---------- ------- ---- ---------------- Script 0.0 DynamicModule1cbe0359-cdf4-45... New-CALOperatingSystem, New-CALSession Failed to call API at and Meth...
PT-2021-22719 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.1 and later Description: An improper access control issue allows users with expired passwords to continue accessing GitLab through git and API endpoints, such as "/api/v1/login", using access tokens acquired before...
GHSA-FQRR-RRWG-69PV Local API Login Credentials Disclosure in paratrooper-pingdom
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process. Vulnerable Code: From: paratrooper-pingdom-1.0.0/lib/paratrooper-pingdom.rb ruby def setupoptions = %xcurl https://api.pingdom.com/api/2.0/checks -X PUT ...
Local API Login Credentials Disclosure in paratrooper-pingdom
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process. Vulnerable Code: From: paratrooper-pingdom-1.0.0/lib/paratrooper-pingdom.rb ruby def setupoptions = %xcurl https://api.pingdom.com/api/2.0/checks -X PUT ...
paratrooper-pingdom Gem for Ruby /lib/paratrooper-pingdom.rb API Login Credentials Local Disclosure
paratrooper-pingdom Gem for Ruby contains a flaw in /lib/paratrooper-pingdom.rb. The issue is triggered when the script exposes API login credentials, allowing a local attacker to gain access to the API key, username, and password for the API login by monitoring the process tree...
Fedora 12 : mediawiki-1.15.3-53.fc12 (2010-6335)
This is a security and bugfix release of MediaWiki 1.15.3. Three security issues are fixed in this update: A CSS validation issue was discovered which allows editors to display external images in wiki pages. A data leakage vulnerability was discovered in thumb.php which affects wikis which restri...