Lucene search
+L

111 matches found

ptsecurity
ptsecurity
added 2024/04/03 12:0 a.m.6 views

PT-2024-14372 · D Link · D-Link Covr 1100 +2

Name of the Vulnerable Software and Affected Versions: D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System Hardware Rev B1 Description: The issue truncates Wireless Access Point Passwords WPA-PSK, allowing an attacker to gain unauthorized network access via weak...

8.1CVSS7.4AI score0.00301EPSS
Exploits0References3
github
github
added 2023/09/12 1:50 p.m.31 views

Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. The current implementation of BaseUser.login leaks enough information to a malicio...

5.3CVSS7.7AI score0.00459EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2023/06/07 6:15 p.m.13 views

CVE-2023-34109

zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...

7.5CVSS6.7AI score0.00496EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/06/07 12:0 a.m.6 views

zxcvbn-ts 资源管理错误漏洞

zxcvbn-ts is zxcvbn-ts open source a password strength estimator inspired by password crackers. A resource management error vulnerability exists in versions prior to zxcvbn-ts 3.0.2, which stems from...

7.5CVSS7.3AI score0.00496EPSS
Exploits0References3
veracode
veracode
added 2023/02/05 2:22 p.m.18 views

Weak Password Requirements

publifycore is vulnerable to Weak Password Requirements. A remote attacker can easily compromise user accounts due to missing password strength constraints...

6.5CVSS6.5AI score0.007EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2022/09/26 10:7 a.m.30 views

CVE-2022-36159

Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface an...

9.1AI score0.00975EPSS
Exploits1References4
nvd
nvd
added 2022/08/29 4:15 p.m.14 views

CVE-2022-27558

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking...

7.5CVSS0.00491EPSS
Exploits0References1
cvelist
cvelist
added 2022/08/29 4:0 p.m.26 views

CVE-2022-27558 HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking...

5.9CVSS7.7AI score0.00491EPSS
Exploits0References1
cve
cve
added 2022/08/29 4:0 p.m.62 views

CVE-2022-27558

CVE-2022-27558 concerns HCL iNotes with a broken Password Strength Check, where custom password policies are not enforced on certain iNotes forms. The root cause, as described, is that password strength/policy enforcement may be bypassed, allowing users to set weak passwords and potentially enabl...

7.5CVSS6.6AI score0.00491EPSS
Exploits0References1Affected Software2
ptsecurity
ptsecurity
added 2022/08/29 12:0 a.m.4 views

PT-2022-18482 · Hcl · Hcl Notes

Name of the Vulnerable Software and Affected Versions: HCL iNotes affected versions not specified Description: The issue concerns a Broken Password Strength Checks problem. Custom password policies are not enforced on certain iNotes forms, which could allow users to set weak passwords. This...

7.5CVSS7.5AI score0.00491EPSS
Exploits0References3
cnnvd
cnnvd
added 2022/08/25 12:0 a.m.4 views

HCL Technologies HCL Domino 安全漏洞

HCL Technologies HCL Domino is a software application from HCL Technologies, India. It provides a platform for application development. A security vulnerability exists in HCL Domino, which can be exploited by an attacker to bypass the restrictions of HCL Domino | iNotes and pass the password...

7.5CVSS5.7AI score0.00491EPSS
Exploits0References3
attackerkb
attackerkb
added 2022/08/24 8:45 p.m.4 views

CVE-2022-27558

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking...

7.5CVSS5.9AI score0.00491EPSS
Exploits0References2Affected Software1
osv
osv
added 2022/08/23 12:0 a.m.30 views

GHSA-QHM8-69QH-G76J Missing password strength check in notrinos/notrinos-erp

In versions of notrinos/notrinoserp prior to 0.7 new account passwords were missing a password strength check...

7.3CVSS9.5AI score0.00757EPSS
Exploits1References4
github
github
added 2022/08/23 12:0 a.m.37 views

Missing password strength check in notrinos/notrinos-erp

In versions of notrinos/notrinoserp prior to 0.7 new account passwords were missing a password strength check...

9.8CVSS9.1AI score0.00757EPSS
Exploits1References4Affected Software1
huntr
huntr
added 2022/08/02 2:0 p.m.8 views

Weak password policy on account creation/password update

Description The password policy used in the account creation and password change pages is weak, allowing to set a password of only 1 character. Proof of Concept Case 1 - Account Creation 1. 1 - Login as admin and go to the users page. 2. 2 - Create a new user and set 1 as the password and click i...

0.2AI score
Exploits0
huntr
huntr
added 2022/07/30 3:9 p.m.11 views

Weak password policy on account creation/password update

Description The password policy used in the account creation and password change pages is weak, allowing to set a password of only 1 character. Proof of Concept Case 1 - Account Creation 1. 1 - Login as admin and go to the users page. 2. 2 - Create a new user and set 1 as the password and click i...

0.3AI score
Exploits0
pentestpartners
pentestpartners
added 2022/07/12 5:53 a.m.13 views

Stop using phishing as a measure of your cyber awareness culture

If I had a penny for every time someone said to me “let’s measure our security culture by phishing our staff” I’d probably be able to fill my car up. It’s a really easy thing to do, you carry out some online training and typically they come with phishing simulations as a free or low cost add on. ...

7.2AI score
Exploits0
osv
osv
added 2022/05/24 5:7 p.m.13 views

GHSA-CW58-GPGW-HWX2 Plone allows weak passwords

Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking...

8.7CVSS7.4AI score0.01253EPSS
Exploits0References7
cnvd
cnvd
added 2022/01/06 12:0 a.m.22 views

DayByDay CRM Information Disclosure Vulnerability (CNVD-2022-68550)

DayByDay CRM is an open source CRM Customer Relationship Management software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. An information disclosure vulnerability exists in DayByDay CRM. The vulnerability stems from the product's update feature that does not...

7.5CVSS7.2AI score0.01122EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/01/05 12:0 a.m.5 views

Daybyday CRM 处理逻辑错误漏洞

DayByDay CRM is an open source CRM Customer Relationship Management software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. An information disclosure vulnerability exists in DayByDay CRM. The vulnerability stems from the product's update feature that does not...

7.5CVSS5.7AI score0.01122EPSS
Exploits0References2
Rows per page
Query Builder