168 matches found
CVE-2024-8891
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...
CIRCUTOR Q-SMT 安全漏洞
CIRCUTOR Q-SMT is an industrial hardware device from CIRCUTOR, Inc. A security vulnerability exists in CIRCUTOR Q-SMT version 1.0.4, which stems from an attacker's ability to construct a dictionary of potential users and inspect server responses without knowing the current user in the web...
CVE-2024-34336
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality...
CVE-2024-34336
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality...
CVE-2024-34336
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality...
Denial Of Service (DoS)
golang.org/x/net is vulnerable to Denial Of Service DoS. The vulnerability is due to the client mishandling cases where a server responds with a non-informational status, which leaves the client connection in an invalid state. Attackers can exploit this by sending "Expect: 100-continue" requests ...
Password Hash Disclosure
born05/craft-twofactorauthentication is vulnerable to Password Hash Disclosure. The vulnerability is due to the improper handling of password hashes, which are exposed in server responses after a valid TOTP submission. Attackers can exploit this by controlling a user's session to obtain the...
RHEL 5 : libxi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXi: Multiple Array Index error leading to heap-based OOB write CVE-2013-1998 - libXi: Insufficient...
go-git: Maliciously crafted Git server replies can cause DoS on go-git clients
A denial of service DoS vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients...
CVE-2024-23677
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file...
UBUNTU-CVE-2023-49568
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
DEBIAN-CVE-2023-32726
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server...
PT-2023-30850 · Siemens · Sinec Ins
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 2 Description: A vulnerability has been identified in the affected software, where it does not correctly validate the response received by a UMC server. This can be exploited by an attacker to crash...
CVE-2023-6254
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37...
UBUNTU-CVE-2023-6254
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37...
CVE-2023-37831
An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted...
CVE-2023-37831
An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted...
PT-2023-26135 · Elenos · Elenos Etg150 Fm Transmitter
Name of the Vulnerable Software and Affected Versions: Elenos ETG150 FM transmitter version 3.12 Description: An issue in the Elenos ETG150 FM transmitter allows attackers to enumerate user accounts based on server responses when credentials are submitted. Recommendations: For Elenos ETG150 FM...
CVE-2023-37831
An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted...
CVE-2023-37831
An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted...