23 matches found
EUVD-2019-6881
Malware in sbrugna...
EUVD-2023-2814
Malicious code in bioql PyPI...
EUVD-2025-12697
Malicious code in bioql PyPI...
PT-2025-25312
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue allows an attacker to guess usernames by exploiting different error messages returned for incorrect passwords versus non-existing usernames during failed login attempts...
CVE-2025-24342
A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests...
BMC AMI security vulnerability
BMC AMI (BMC Automated Mainframe Intelligence) is an automated mainframe intelligence solution from BMC USA. A security vulnerability exists in BMC AMI. An attacker exploiting this vulnerability could use certain oracles to guess valid usernames, leading to information disclosure...
vantage6 vulnerable to Observable Response Discrepancy
Impact: We are incorporating the password policies listed in https://github.com/vantage6/vantage6/issues/59. One measure is that we don't let the user know in case of wrong username/password combination if the username actually exists, to prevent that bots can guess usernames. However, if a wrong...
NVIDIA BMC security vulnerability
NVIDIA BMC is an OpenBMC open software framework from NVIDIA. A security vulnerability exists in NVIDIA BMC. An attacker exploiting this vulnerability could guess a valid BMC username, which could lead to information disclosure...
CVE-2021-45925
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
Lanner IAC-AST2500A security vulnerability
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A security vulnerability exists in the Lanner IAC-AST2500A standard firmware version 1.00.0,...
GHSA-4225-97PR-RR52 OpenStack Keystone allows information disclosure during account locking
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking related to PCI DSS features. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated...
Squaredup security vulnerability
Squaredup, a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments, has a security vulnerability that could be exploited by attackers to guess a valid user name...
Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated)
Exploit Title: Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage Date: 2020-16-09 Exploit Author: nag0mez Vendor Homepage: https://ultimatepro.codexcube.com/ Version: = 2.0.5 Tested on: Kali Linux 2020.2 The SQLi injection does not allow UNION payloads. However, we can guess...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to information disclosure. The vulnerability exists as it was possible to guess if a username exists through the VerifyUsernamePassword function in sessionmanager.go...
CVE-2019-15987
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain...
HackerOne: Private program activity timeline information disclosure
Hi, There are some companies which are hosting as external https://hackerone.com/directory?query=type%3Aexternal&sort=name%3Aascending&page=1 but someone was hosting private BB on HackerOne which are not visible unless they invite you. However, you can check if any company is hosting private BB on...
HackerOne: Know whether private program for company exist or not
Hi, There are some companies which are hosting private BB on HackerOne which are not visible unless they invite you. However, you can check if any company is hosting private BB on HackerOne or not if you can guess the username they use. Generally most companies choose the same name as their company...
pop3-brute NSE Script
Tries to log into a POP3 account by guessing usernames and passwords. Script Arguments: pop3loginmethod: The login method to use: "USER" (default), "SASL-PLAIN", "SASL-LOGIN", "SASL-CRAM-MD5", or "APOP". Defaults to "USER". passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb: See the...
CVE-2003-0637
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing...