Lucene search
K

59 matches found

CNVD
CNVD
added 2021/10/12 12:0 a.m.15 views

Unspecified vulnerability exists in IR615 Router (CNVD-2021-82943)

The IR615 Router is a 4G industrial router from Rimu Technologies, China. The IR615 Router has a security vulnerability that could be exploited by an attacker to obtain user credentials to enumerate passwords and emulate other application users and perform actions on their behalf...

7.5CVSS4.4AI score0.01113EPSS
Exploits0
Exploit DB
Exploit DB
added 2021/02/26 12:0 a.m.596 views

Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)

!/usr/bin/env python3 -- coding: utf-8 -- standard modules from metasploit import module extra modules DEPENDENCIESMISSING = False try: import base64 import itertools import os import requests except ImportError: DEPENDENCIESMISSING = True Metasploit Metadata metadata = 'name': 'Microsoft RDP Web...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.806 views

Remote Desktop Web Access Authentication Timing Attack

!/usr/bin/env python3 -- coding: utf-8 -- standard modules from metasploit import module extra modules DEPENDENCIESMISSING = False try: import base64 import itertools import os import requests except ImportError: DEPENDENCIESMISSING = True Metasploit Metadata metadata = 'name': 'Microsoft RDP Web...

0.8AI score
Exploits0
NVD
NVD
added 2020/12/23 3:15 p.m.26 views

CVE-2020-35586

In Solstice Pod before 3.3.0 or Open4.3, the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement e.g., it might be all digits or all lowercase letters...

7.5CVSS7.7AI score0.01352EPSS
Exploits1References3
CVE
CVE
added 2020/12/23 2:58 p.m.41 views

CVE-2020-35586

Solstice Pod (before 3.3.0) and Solstice Open4.3 vulnerability where the Administrator password can be enumerated by brute-forcing the Open Control API endpoint /Config/service/initModel?password= due to no password complexity requirements. Affected products are Solstice Pod prior to 3.3.0 and So...

7.5CVSS7.6AI score0.01352EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2019/07/28 4:15 p.m.14 views

CVE-2019-14351

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters...

8.8CVSS8.6AI score0.01263EPSS
Exploits1References1
Node.js
Node.js
added 2019/06/07 7:15 p.m.23 views

Malicious Package

Overview Version 1.0.3 of libubx contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluat...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:56 a.m.42 views

Security Bulletin: Login Error Messages Credential Enumeration in ClearQuest Web (CVE-2014-3105)

Summary IBM Rational ClearQuest Web for OSLC integration is vulnerable to Login Error Messages Credential Enumeration. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with your...

5CVSS1.3AI score0.01667EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2017/08/02 5:9 a.m.21 views

Legal Robot: Change password logic inversion

A security researcher discovered that during the password change process, the new password was validated before verifying the old password's accuracy, despite the user entering the values and submitting on a single form. If a user was logged in on a shared machine, this could have led to a...

1.5AI score
Exploits0
Hacker One
Hacker One
added 2016/02/29 1:46 p.m.34 views

Veris: Password(s) can be found via login process.

Hello security team, It is possible to find passwords of other users by enumerate the login process. The scenario is quiet simple: 1 Go to https://sandbox.veris.in/portal/login/ 2 Fill in 'Email ID' and 'Password' and click 'Log In' 3 Capture the request via burp suite and send it to intruder. 4...

0.1AI score
Exploits0
CVE
CVE
added 2015/08/24 2:0 p.m.137 views

CVE-2015-3238

The CVE affects the Linux-PAM pam_unix module. The _unix_run_helper_binary function, when it cannot access passwords directly, can write to a blocking pipe, allowing local users to enumerate usernames or cause a denial of service (hang). This is documented for pam before version 1.2.1. Impact is ...

6.5CVSS6.1AI score0.02705EPSS
Exploits1References13Affected Software1
UbuntuCve
UbuntuCve
added 2015/08/24 12:0 a.m.32 views

CVE-2015-3238

The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...

6.5CVSS6.6AI score0.02705EPSS
Exploits1References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

YourArcadeScript 2.0b1 - Blind SQL Injection

No description provided by source. !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qwPOST; use Getopt::Long; '/ -.- ------------------oOO------OOo----------------- | | | / / / / | | / / / / / / / / / / / | | // // / / / // / // / // | | ///,// /./,/, // | | Security Research...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2014/04/20 2:52 p.m.19 views

FS-NyarL - Network Takeover & Forensic Analysis Tool

NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony. It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :- A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at...

7.7AI score
Exploits0
OSV
OSV
added 2013/10/26 5:55 p.m.2 views

DEBIAN-CVE-2013-4885

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences...

6.8CVSS7.1AI score0.07217EPSS
Exploits2References1
securityvulns
securityvulns
added 2010/01/28 12:0 a.m.80 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Advisory ID: cisco-sa-20100127-mp Revision 1.0 For Public Release 2010 Jan 27 1600 UTC GMT +--------------------------------------------------------------------- Summary...

10CVSS0.7AI score0.02631EPSS
Exploits1
Packet Storm
Packet Storm
added 2009/01/28 12:0 a.m.35 views

Lore 1.5.6 SQL Injection

Lore 1.5.6 Bug : article.php?id=Blind ,Comentarios Habilitados "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Gracias C1c4tr1z,Tecn0x,Lix,1995,N0b0dy,NanonRoses,Codebreak?,Nork,AzraelNuKE && Todos los Miembros de...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/06/02 12:0 a.m.23 views

WebChat 2.0 - 'users.php?Database Username Disclosure

source: https://www.securityfocus.com/bid/7777/info WebChat has been reported prone to a database username disclosure weakness. The issue presents itself when a malicious request is made for the WebChat ?users.php? page. An attacker may pass a guessed username as a specific URI parameter to the...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/04/03 12:0 a.m.44 views

NETGEAR FM114P ProSafe Router Multiple Vulnerabilities

The NETGEAR FM114P ProSafe Wireless Router and possibly other devices discloses the username and password of the WAN when it receives specially crafted UPnP soap requests. An attacker may use this flaw to steal a valid username and password. In addition to this, an attacker may use UPnP to disabl...

5.5AI score
Exploits0References2
Rows per page
Query Builder