
18 matches found

CNNVD
added 2026/03/19 12:0 a.m. · 10 views

Ubiquiti UniFi Network Application Security Vulnerability

The Ubiquiti UniFi Network Application is a centralized management and monitoring platform for network devices and wireless networks developed by the Ubiquiti company. The Ubiquiti UniFi Network Application has a security vulnerability that stems from a susceptibility to path traversal attacks...

CVSS 10 · AI score 6 · EPSS 0.15601
Exploits: 3 · References: 1
EUVD
added 2026/03/10 6:31 p.m. · 4 views

EUVD-2025-208469

An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access...

CVSS 5.3 · AI score 5.8 · EPSS 0.0031
Exploits: 0 · References: 5
Positive Technologies
added 2026/03/10 12:0 a.m. · 8 views

PT-2026-24185

An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access...

CVSS 5.3 · AI score 5.8 · EPSS 0.0031
Exploits: 0 · References: 4
Metasploit
added 2025/05/06 6:54 p.m. · 273 views

SMB to HTTP relay version of Get NAA Creds

This module creates an SMB server and then relays the credentials passed to it to SCCM's HTTP server aka Management Point to gain an authenticated connection. Once authenticated it then attempts to retrieve the Network Access Accounts, if configured, from the SCCM server. This requires a computer...

AI score 5.8
Exploits: 0
Cvelist
added 2024/01/10 1:2 p.m. · 24 views

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...

CVSS 8.8 · AI score 8.6 · EPSS 0.00869
Exploits: 0 · References: 1
CNNVD
added 2023/11/22 12:0 a.m. · 3 views

Autodesk Customer Portal Security Vulnerability

Autodesk Customer Portal is a customer portal component of Autodesk USA. A security vulnerability exists in Autodesk Customer Portal that stems from cases where Autodesk users who no longer have a valid license for an account can still access that account...

CVSS 5.3 · AI score 6.8 · EPSS 0.00495
Exploits: 0 · References: 2
OSV
added 2023/10/06 5:15 p.m. · 2 views

CVE-2023-23370

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...

CVSS 4.4 · AI score 5.8
Exploits: 0 · References: 1
Kitploit
added 2023/01/03 11:30 a.m. · 76 views

PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager

PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk "Pulling Passwords out of Configuration Manager" (https://forum.defcon.org/node/241925) against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...

AI score 7.2
Exploits: 0 · References: 2
CNNVD
added 2022/11/10 12:0 a.m. · 14 views

Wiesemann & Theis Com-Server Family Security Feature Issue Vulnerability

The Wiesemann & Theis Com-Server Family is a series of serial device servers from the German company Wiesemann & Theis. A security signature issue vulnerability exists in Wiesemann & Theis Com-Server Family. An attacker could exploit this vulnerability to brute force a session id and access...

CVSS 8.8 · AI score 8 · EPSS 0.00734
Exploits: 0 · References: 3
OSV
added 2022/06/07 7:15 p.m. · 1 views

CVE-2022-30730

Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication...

CVSS 4.6 · AI score 5.8
Exploits: 0 · References: 1
Opera Security Advisories
added 2021/01/07 12:0 a.m. · 6 views

Making browsing safe from phishing

Privacy, Security. January 7th, 2021. Mallory tries to create a phishing site to lure Alice into revealing her secrets. TL;DR: skip to the conclusions to see what Alice learned. The Privacy Problem: In the previous episode, Mallory was thinking about...

CVSS 8.8 · AI score 6.7 · EPSS 0.05036
Exploits: 4 · References: 1
CNVD
added 2020/05/14 12:0 a.m. · 4 views

Ignite Realtime Spark Information Disclosure Vulnerability

Ignite Realtime Spark is an open source, cross-platform, real-time collaboration client application from the Ignite Realtime community. An information disclosure vulnerability exists in Ignite Realtime Spark version 2.8.3 Windows. A remote attacker can exploit this vulnerability to obtain and cra...

CVSS 8.8 · AI score 6.4 · EPSS 0.0174
Exploits: 1 · References: 1
OSV
added 2020/04/24 4:15 p.m. · 5 views

CVE-2020-6823

A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox 75...

CVSS 9.8 · AI score 7.5 · EPSS 0.01612
Exploits: 0 · References: 2
BDU FSTEC
added 2016/10/14 12:0 a.m. · 4 views

Vulnerability of the Mac OS X operating system, allowing attackers to compromise user accounts

The vulnerability of the NSSecureTextField component in the Mac OS X operating system is related to the lack of a secure input mechanism. Exploiting this vulnerability allows an attacker to access user accounts through a specially created application...

CVSS 4.3 · AI score 6.6 · EPSS 0.00902
Exploits: 0 · References: 3 · Affected Software: 1
Hacker One
added 2015/10/05 9:22 p.m. · 16 views

Shopify: Accessing Payments page and adding payment methods with limited access accounts

Users with the Orders permission were allowed to see the store's payment gateway information. This page should have been restricted to users with the Settings permission only. Using this vulnerability a User with limited access/ No access to Settings could add/alter/change Payment settings while...

AI score 3.8
Exploits: 0
UbuntuCve
added 2012/07/16 10:28 a.m. · 19 views

CVE-2011-4287

admin/uploaduserform.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user...

CVSS 6.8 · AI score 5.9 · EPSS 0.02066
Exploits: 0 · References: 1
Positive Technologies
added 2009/11/24 12:0 a.m. · 3 views

PT-2009-6119 · Dovecot · Dovecot

Name of the Vulnerable Software and Affected Versions: Dovecot versions 1.2.x through 1.2.7. Description: The issue allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory...

CVSS 5.5 · AI score 5.3 · EPSS 0.00375
Exploits: 0 · References: 16
Exploit DB
added 2005/02/28 12:0 a.m. · 22 views

phpBB 2.0.x - Authentication Bypass (3)

Source: https://www.securityfocus.com/bid/12678/info
phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any...

AI score 7.4
Exploits: 0