19 matches found

Cvelist
added 2026/05/20 5:45 a.m. · 45 views

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass...

CVSS 8.1 · EPSS 0.0055
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-52322

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00869
Exploits 0 · References 1
Hacker One
added 2025/08/10 6:28 p.m. · 7 views

Mars: SQLi At `███████` via `theme_name`

A SQL injection vulnerability was discovered in a web application's theme selection endpoint through the "theme_name" parameter. Using SQLMap, the vulnerability was demonstrated to be exploitable through both error-based and time-based blind injection attacks against a MySQL database version 5.1 o...

AI score 5.8
Exploits 0
RedhatCVE
added 2025/05/23 4:42 a.m. · 5 views

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...

CVSS 8.8 · AI score 7.1 · EPSS 0.00869
Exploits 0
CNNVD
added 2025/01/15 12:0 a.m. · 3 views

Smiths Detection HI-SCAN 6040i Hitrax HX-03-19-I security vulnerability

The Smiths Detection HI-SCAN 6040i Hitrax HX-03-19-I is an entry-level X-ray equipment electronic component from Smiths Detection, UK. A security vulnerability exists in the Smiths Detection HI-SCAN 6040i Hitrax HX-03-19-I, which stems from an issue in the AsDB service that allows an attacker to...

CVSS 7.5 · AI score 6.8 · EPSS 0.0036
Exploits 0 · References 1
Malwarebytes
added 2024/10/21 1:50 p.m. · 8 views

Internet Archive attackers email support users: “Your data is now in the hands of some random guy”

Those who hacked the Internet Archive haven't gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting replies to the tickets from the hackers themselves. Internet Archive, most known for its Wayback Machine, is a digital library that allows users to look at...

AI score 7
Exploits 0
CNNVD
added 2024/05/01 12:0 a.m. · 2 views

Aruba Networks ArubaOS security vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from a buffer overflow in the underlying Local User...

CVSS 9.8 · AI score 8.2 · EPSS 0.14617
Exploits 0 · References 2
Positive Technologies
added 2024/04/30 12:0 a.m. · 2 views

PT-2024-3680 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS (affected versions not specified). Description: The issue is a buffer overflow vulnerability in the Local User Authentication Database service. This vulnerability could lead to unauthenticated remote code execution by sending...

CVSS 9.8 · AI score 8.9 · EPSS 0.14617
Exploits 0 · References 15
OSV
added 2024/01/10 1:15 p.m. · 4 views

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...

CVSS 8.8 · AI score 5.9 · EPSS 0.00869
Exploits 0 · References 1
Prion
added 2024/01/10 1:15 p.m. · 15 views

Authentication flaw

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...

CVSS 6.5 · AI score 7.2 · EPSS 0.00869
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/01/10 1:2 p.m. · 3 views

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...

CVSS 8.8 · AI score 8.6 · EPSS 0.00869
Exploits 0 · References 1
Cvelist
added 2024/01/10 1:2 p.m. · 24 views

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...

CVSS 8.8 · AI score 8.6 · EPSS 0.00869
Exploits 0 · References 1
CVE
added 2024/01/10 1:2 p.m. · 44 views

CVE-2023-48253

The connected documents repeat the CVE-2023-48253 issue: an authenticated remote attacker can read or update arbitrary content in the authentication database via a crafted HTTP request, potentially exfiltrating password hashes and compromising user accounts. Bosch-related entries (Nexo cordless t...

CVSS 8.8 · AI score 8.3 · EPSS 0.00869
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/01/10 12:0 a.m. · 4 views

PT-2024-13561 · Rexroth +1 · Nexo Cordless Nutrunner Nxa011S-36V +8

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. This can...

CVSS 8.8 · AI score 8.4 · EPSS 0.00869
Exploits 0 · References 6
OSV
added 2022/07/29 10:28 p.m. · 4 views

GHSA-32FF-4G79-VGFC Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings

Impact: An authenticated Admin user could craft HTTP requests to filter users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes...

CVSS 2.7 · AI score 5.9 · EPSS 0.00594
Exploits 0 · References 5
Positive Technologies
added 2022/07/29 12:0 a.m. · 5 views

PT-2022-20589 · Pypi · Flask-Appbuilder

Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.1.3. Description: An authenticated Admin user could query other users by their salted and hashed password strings, using partial hashed password strings. The response would not include the hashed passwords...

CVSS 2.7 · AI score 3.2 · EPSS 0.00594
Exploits 0 · References 10
Positive Technologies
added 2010/06/16 12:0 a.m. · 8 views

PT-2010-3684 · Pyftpd · Pyftpd

Name of the Vulnerable Software and Affected Versions: Pyftpd version 0.8.4. Description: The issue concerns hard-coded usernames and passwords in the auth_db_config.py file for the test, user, and roxon accounts. This allows remote attackers to read arbitrary files from the FTP server...

CVSS 7.5 · AI score 7.3 · EPSS 0.01812
Exploits 0 · References 6
Exploit DB
added 2005/03/21 12:0 a.m. · 21 views

BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload

source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may...

AI score 7.4
Exploits 0
Cvelist
added 2000/02/16 5:0 a.m. · 23 views

CVE-2000-0143

The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP...

AI score 6.5 · EPSS 0.00349
Exploits 0 · References 1