Lucene search

256 matches found

CVE
added 2019/01/09 11:0 p.m. | 149 views

CVE-2018-1000408

CVE-2018-1000408 describes a denial-of-service vulnerability in Jenkins where, on builds using the built-in Jenkins user database (HudsonPrivateSecurityRealm), an attacker without Overall/Read permission can access a specific URL, causing an ephemeral user record to be created in memory. Affected...

CVSS 6.5 | AI score 6.3 | EPSS 0.0147
Exploits: 3 | References: 2 | Affected Software: 1
Broadcom
added 2018/12/21 12:0 a.m. | 8 views

BSA-2018-746

Security Advisory ID: BSA-2018-746. Component: Servlet. Revision: 1.0: Initial. A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database, which includes the encrypted, not hashed, password of the systems. The...

CVSS 7.5 | AI score 7.2 | EPSS 0.01671
Exploits: 0
OSV
added 2018/12/12 7:29 p.m. | 3 views

CVE-2018-15718

Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more...

CVSS 7.5 | AI score 5.8 | EPSS 0.01429
Exploits: 0 | References: 1
Prion
added 2018/12/12 7:29 p.m. | 11 views

Open redirect

Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more...

CVSS 5 | AI score 8 | EPSS 0.01429
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2018/12/12 7:29 p.m. | 12 views

CVE-2018-15718

Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more...

CVSS 7.5 | AI score 8 | EPSS 0.01429
Exploits: 0 | References: 1
Cvelist
added 2018/12/12 7:0 p.m. | 14 views

CVE-2018-15718

Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more...

AI score 8 | EPSS 0.01429
Exploits: 0 | References: 1
CVE
added 2018/12/12 7:0 p.m. | 39 views

CVE-2018-15718

Open Dental prior to version 18.4 is affected by CVE-2018-15718. The issue occurs when a remote unauthenticated user accesses the command prompt, causing the application to transmit the entire user database over the network. This can expose usernames, password hashes, privilege levels, and other ...

CVSS 7.5 | AI score 7.9 | EPSS 0.01429
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2018/07/04 12:0 a.m. | 1 views

Mikrotik Winbox Arbitrary File Access Vulnerability

MikroTik RouterOS is a routing operating system, developed based on the Linux kernel, compatible with x86 PC routing software, through which a standard PC computer can be turned into a professional router. Winbox is a Windows-based software for remote management of RouterOS, providing an intuitive...

AI score 6.9
Exploits: 0 | References: 1
Prion
added 2018/05/23 4:29 p.m. | 13 views

Authentication flaw

An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploi...

CVSS 1.9 | AI score 6.8 | EPSS 0.00628
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2018/05/23 4:29 p.m. | 15 views

CVE-2018-10355

An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploi...

CVSS 7 | AI score 6.9 | EPSS 0.00628
Exploits: 0 | References: 2
OpenVAS
added 2018/04/25 12:0 a.m. | 596 views

Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability (Apr 2018) - Version Check

Mikrotik RouterOS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 9.1 | AI score 9.4 | EPSS 0.96087
Exploits: 23 | References: 3
0day.today
added 2018/02/07 12:0 a.m. | 513 views

Dahua Generation 2/3 - Backdoor Access Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/python2.7 if False: ''' 2017-05-03 Public rerelease of Dahua Backdoor PoC https://github.com/mcw0/PoC/blob/master/dahua-backdoor-PoC.py 2017-03-20 With my newfound knowledge of vulnerable devices out there with an unbelievable...

AI score 0.3
Exploits: 0
UbuntuCve
added 2018/01/29 5:29 p.m. | 18 views

CVE-2017-1000356

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in th...

CVSS 8.8 | AI score 7.2 | EPSS 0.07088
Exploits: 1 | References: 1
Prion
added 2018/01/29 5:29 p.m. | 15 views

Authentication flaw

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in th...

CVSS 6.8 | AI score 8.7 | EPSS 0.07088
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2018/01/29 5:29 p.m. | 26 views

CVE-2017-1000356

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in th...

CVSS 8.8 | AI score 8.8 | EPSS 0.07088
Exploits: 1 | References: 2
OSV
added 2018/01/29 5:29 p.m. | 21 views

CVE-2017-1000356

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in th...

CVSS 8.8 | AI score 9
Exploits: 0 | References: 2
CVE
added 2018/01/29 5:0 p.m. | 109 views

CVE-2017-1000356

Summary of sources: CVE‑2017‑1000356 affects Jenkins 2.56 and earlier (and 2.46.1 LTS and earlier) with CSRF vulnerabilities in the Jenkins user database authentication realm that could enable an attacker to create accounts or disrupt admin users, potentially enabling broader impacts. Connected a...

CVSS 8.8 | AI score 8.6 | EPSS 0.07088
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2017/12/19 2:29 a.m. | 22 views

CVE-2017-15877

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...

CVSS 9.8 | AI score 9.5 | EPSS 0.01435
Exploits: 1 | References: 1
Prion
added 2017/12/19 2:29 a.m. | 19 views

Design/Logic Flaw

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...

CVSS 5 | AI score 9.4 | EPSS 0.01435
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2017/12/18 5:0 p.m. | 19 views

CVE-2017-15877

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...

AI score 9.5 | EPSS 0.01435
Exploits: 1 | References: 1