362 matches found
CloudExplorer Lite Security Vulnerability
CloudExplorer Lite is CloudExplorer's platform that provides out-of-the-box basic functionality for cloud hosting management, cloud billing, operational analytics, and security compliance, as well as powerful extensibility to meet the customization needs of enterprises. A security vulnerability...
World Password Day must die
The continued existence of World Password Day is a tell that something has gone badly wrong in cybersecurity. Now in its tenth year, the day is supposed to act as an annual reminder for people to follow good password hygiene: Don't reuse passwords; use long passwords; no, longer passwords than tha...
The vulnerability of the system entry console in the Cisco Unified Computing System (UCS) Manager, which manages the UCS 6400 and UCS 6500 routers, as well as the Cisco Nexus 9000 Series PID, allows an intruder to trigger a service failure.
The vulnerability of the system entry console in the Cisco Unified Computing System (UCS) Manager, which manages UCS 6400 and UCS 6500 routers and Cisco Nexus 9000 Series PIDS, is related to deficiencies in the password authentication process. Exploiting this vulnerability can allow attackers to...
Cisco Nexus 9300-FX3 Series Authorization Issue Vulnerability
The Cisco Nexus 9300-FX3 Series is a series of switches from Cisco. A security vulnerability exists in the Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) that stems from an improper implementation of the password authentication feature. An attacker could exploit the vulnerability to bypass...
[SECURITY] Fedora 37 Update: curl-7.85.0-6.fc37
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2022-30421
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via local password authentication module...
Authentication flaw
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via local password authentication module...
portfolioCMS Authorization Issue Vulnerability
portfolioCMS is a Bootstrap portfolio website with admin panel. A security vulnerability exists in Westbrookadmin portfolioCMS v1.05. An attacker could exploit the vulnerability to bypass password authentication and gain access to sensitive information via session fixation...
CVE-2022-23746
The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords...
CVE-2022-23746
CVE-2022-23746 concerns brute-force vulnerability in the IPsec VPN blade SNX portal when configured for username/password authentication. The Red Hat, NVD, and other records consistently describe a credential-guessing flaw targeting the SNX portal; exploitation status is not detailed in the provi...
New RapperBot malware targets gaming servers with DDoS attacks
By Deeba Ahmed. RapperBot malware is known for brute-forcing SSH servers that can accept password authentication. This is a post from HackRead.com.
EulerOS 2.0 SP8 : 389-ds-base (EulerOS-SA-2022-2214)
According to the versions of the 389-ds-base package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being...
MAL-2022-3834 Malicious code in ing-orange-corporatekey-password-authentication (npm)
Source: ghsa-malware (722024f8bcb8ef22b7b81fd8d5d0f293a16e83de1e9cfd31c42177967515b6a2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-24083
CVE-2022-24083 affects Pegasystems/Pega software (Pega Infinity). The vulnerability is a password authentication bypass for local accounts, allowing bypass of local authentication checks. The CVSS metrics reported (NVD/PEGA) indicate CRITICAL impact (C/H, I/H, A/H) with NETWORK attack vector and ...
PT-2022-16458 · Pegasystems +1 · Pega Infinity +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. Recommendations: At the moment, the...
PowerProxy - PowerShell SOCKS Proxy With Reverse Proxy Capabilities
PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication i...
JVN#72801744: UNIVERGE WA Series vulnerable to OS command injection
Remote system maintenance feature of UNIVERGE WA series "Local maintenance console/Remote maintenance console/Web based remote console maintenance" contains an OS command injection vulnerability (CWE-78). Impact: If an attacker who can access the product sends specific character strings or a special...
SUSE-SU-2022:0743-1 Security update for cyrus-sasl
This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265)...
Shadow Credentials
Microsoft has introduced Windows Hello for Business (WHfB) to replace traditional password-based authentication with a key-based trust model. This implementation uses PIN or…