Lucene search
K

59 matches found

OSV
OSV
added 2023/03/07 6:20 p.m.30 views

CVE-2023-27481 Extract password hashes through export querying in directus

Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the password field in directususers can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allow...

4.3CVSS5.1AI score0.00604EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.5 views

SUSE CVE-2013-4885

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences...

6.8CVSS6.7AI score0.07217EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.2 views

Grafana 信息泄露漏洞

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. Grafana has a security vulnerability that stems from the fact that an attacker can bypass access...

6.7CVSS6.8AI score0.00696EPSS
Exploits0References7
Veracode
Veracode
added 2022/10/21 12:7 p.m.28 views

Information Disclosure

org.opencrx:opencrx-core is vulnerable to information disclosure. A remote attacker is able to determine if a username, email or an ID is valid through password enumeration due to the difference in error messages received during a password reset...

5.3CVSS5.3AI score0.02422EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/10/20 7:0 p.m.23 views

GHSA-J5V3-363P-G843 OpenCRX vulnerable to password enumeration via error messages in password reset

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...

5.3CVSS5.2AI score0.00634EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/10/20 7:0 p.m.29 views

OpenCRX vulnerable to password enumeration via error messages in password reset

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...

5.3CVSS5.6AI score0.00634EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2022/10/20 2:15 p.m.45 views

CVE-2022-40084

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...

5.3CVSS0.00634EPSS
Exploits1References2
Prion
Prion
added 2022/10/20 2:15 p.m.18 views

Design/Logic Flaw

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...

5CVSS5.3AI score0.00634EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/10/20 12:0 a.m.82 views

CVE-2022-40084

OpenCRX prior to v5.2.2 is vulnerable to password enumeration due to differences in error messages during password reset, enabling an attacker to determine if a username, email, or ID is valid. Affected product: OpenCRX (versions before 5.2.2). Root cause: inconsistent/verbose error responses rev...

5.3CVSS5.3AI score0.00634EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/20 12:0 a.m.7 views

PT-2022-25192 · Opencrx · Opencrx

Name of the Vulnerable Software and Affected Versions: OpenCRX versions prior to 5.2.2 Description: The issue allows an attacker to determine if a username, email, or ID is valid due to the difference in error messages received during a password reset. This is a result of password enumeration...

5.3CVSS5.1AI score0.02422EPSS
Exploits1References8
OSV
OSV
added 2022/10/20 12:0 a.m.41 views

CVE-2022-40084

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...

5.3CVSS5.4AI score0.02422EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/10/20 12:0 a.m.48 views

CVE-2022-40084

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...

5.6AI score0.00634EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/10/20 12:0 a.m.8 views

CVE-2022-40084

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...

5.3AI score0.00634EPSS
Exploits1References2
NVD
NVD
added 2022/08/22 3:15 p.m.28 views

CVE-2022-34772

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...

8.8CVSS0.00462EPSS
Exploits0References1
OSV
OSV
added 2022/08/22 3:15 p.m.3 views

CVE-2022-34772

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...

8.8CVSS5.8AI score0.00462EPSS
Exploits0References1
CVE
CVE
added 2022/08/22 2:42 p.m.293 views

CVE-2022-34772

CVE-2022-34772 affects Tabit (password verification) where the 4-digit OTP login flow allows unlimited resend attempts, enabling password enumeration due to lack of effective rate limiting. Documented evidence from PT-2022-22323 notes password enumeration and API rate-limiting weakness; no patch/...

8.8CVSS6.6AI score0.00462EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/22 2:42 p.m.29 views

CVE-2022-34772 Tabit - password enumeration

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...

4.3CVSS9AI score0.00462EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.6 views

PT-2022-22323 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue concerns password enumeration in the Tabit system, which uses a 4-digit One-Time Password OTP. An attacker can resend the OTP and attempt to log in indefinitely, highlighting a lack...

8.8CVSS8.6AI score0.00462EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/08/17 11:14 a.m.1 views

CVE-2022-34772

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...

8.8CVSS5.9AI score0.00462EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/10/19 1:15 p.m.6 views

CVE-2021-38462

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf...

9.8CVSS5.8AI score0.01113EPSS
Exploits0References1
Rows per page
Query Builder