17 matches found
Exploit for CVE-2026-44596
CVE-2026-44596 — YAMCS No Rate Limiting on Authentication Endp...
CVE-2026-8697
Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...
CVE-2025-66620
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...
CVE-2025-66620
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...
CVE-2025-66620
CVE-2025-66620 concerns Columbia Weather Systems MicroServer. Reports describe an unused webshell that allows unlimited login attempts and sudo rights on select files/directories. An attacker with admin access can gain a limited shell, enable persistence (reverse shells), and modify or remove fil...
CVE-2025-66620 Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...
PT-2026-1859
Name of the Vulnerable Software and Affected Versions MicroServer affected versions not specified Description An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell...
PT-2025-47659
Name of the Vulnerable Software and Affected Versions EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products affected versions not specified Description The software does not limit the number of authentication attempts, potentially allowing an attacker to identify an...
EUVD-2018-11552
Malware in sbrugna...
CVE-2024-9342
In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in...
CVE-2024-45790
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to...
Argo CD Security Vulnerability
Argo CD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g. configuration in the Git repository, automatically synchronizing and deploying...
Fortinet FortiSandbox 安全漏洞
Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A security vulnerability exists in Fortinet FortiSandbox versions 4.0.0 throug...
showdoc 安全特征问题漏洞
showdoc is an open source tool ideal for IT teams to share documents online. showdoc in the security features problematic vulnerability , the vulnerability stems from the lack of a limit on the number of client logins and thus vulnerable to password weak pseudo-random number generator PRNG attack...
CVE-2018-19878
An issue was discovered on Teltonika RTU950 R31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory...
CVE-2018-19878
An issue was discovered on Teltonika RTU950 R31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory...
CVE-2018-19878
An issue was discovered on Teltonika RTU950 R31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory...