Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack. Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to brute force attacks by malicious users. Remediation Upgrade org.apache.kafka:connect-runtime to version 2.8.1, 2.7.2 ...
in erudika/scoold
✍️ Description You should check and validate the password when users register; any user is able to use a weak password like aaaaa. Also, you don't have any rate limit for incorrect passwords, which makes it easy to perform brute-force attacks against your users that have weak passwords. 💥 Impact This...
Hewlett Packard Enterprise BackBox Authorization Issue Vulnerability
Hewlett Packard Enterprise BackBox is a product of the U.S. company Hewlett Packard Enterprise that provides the functionality needed to deploy HPE Uninterruptible BackBox products into backup and recovery operations. An authorization issue vulnerability exists in Hewlett Packard Enterprise BackBox that stems from the...
CVE-2021-22221
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, and all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allows a user to maintain limited...
UBUNTU-CVE-2021-22221
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, and all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allows a user to maintain limited...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.4 (etcd) security update
An update for etcd is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Apache ActiveMQ Authorization Issues Vulnerability
Apache ActiveMQ is open source messaging middleware from the Apache Software Foundation (United States) that supports the Java Message Service, clustering, the Spring Framework and more. An authorization issue vulnerability exists in the Apache ActiveMQ LDAP login module, which stems from an...
PT-2021-16958
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Artemis versions prior to 2.16.0 Apache ActiveMQ versions prior to 5.16.1 Apache ActiveMQ versions prior to 5.15.14 Description The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP serve...
Privilege Escalation
nodebb is vulnerable to privilege escalation. Lack of correct password validation logic allows an attacker to send a malicious socket.io call to update the password of any user on a running NodeBB forum and take over the account...
CVE-2020-15115
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...
Input validation
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...
CVE-2020-15115
CVE-2020-15115 is an etcd password-management vulnerability affecting versions prior to 3.3.23 and 3.4.10, where there is no password length validation. The description indicates an attacker could brute-force or guess short passwords (potentially length 1) with little computational effort. The co...
phpList 3.5.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: phpList 3.5.0 - Authentication Bypass Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/ Version: 3.5.0...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.11.0: Never allow an empty password to validate 9682 9683 Prevent redirect to Host 9678 9679 Swagger hide search field 9554 Add "search" to reserved usernames 9063 Switch to fomantic-ui 9374 Only serve attachments when linked to issue/release and if accessible...
Code injection
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible CPANEL-9559...
CVE-2016-10791
CVE-2016-10791 affects cPanel before 60.0.15. The issue arises because the product does not ensure that system accounts lack a valid password, which can render logins impossible (CPANEL-9559). Connected sources consistently describe the same flaw, with no explicit details on affected versions bey...
CVE-2019-9884
eClass platform ip.2.5.10.2.1 allows an attacker to use the GETS method to request the /admin page, bypassing password validation and accessing the management page...
Design/Logic Flaw
eClass platform ip.2.5.10.2.1 allows an attacker to use the GETS method to request the /admin page, bypassing password validation and accessing the management page...