21 matches found
Grandstream UCM6510 Security Vulnerability
The Grandstream UCM6510 is a VoIP switch from Grandstream USA. A security vulnerability exists in the Grandstream UCM6510 version 1.0.20.52 and earlier, which stems from improperly restricted authentication attempts and could lead to a brute-force attack...
CVE-2024-45790 User Enumeration vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to...
The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores lies in insufficient restrictions on authentication attempts. This allows attackers to bypass security measures and carry out brute-force attacks.
A vulnerability in Magento Open Source and Adobe Commerce, software platforms for developing and managing online stores, is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and carry out a...
IBM DS8900F HMC License Issue Vulnerability
The IBM DS8900F HMC is an enterprise-class disk storage system from International Business Machines (IBM) for storing and managing large-scale enterprise data. The IBM DS8900F HMC suffers from an authorization issue vulnerability that can be exploited by an attacker to bypass authentication...
CVE-2023-46172
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow a remote attacker to bypass authentication restrictions for authorized user. IBM X-Force ID: 269409...
CVE-2023-46172 IBM DS8900F security bypass
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow a remote attacker to bypass authentication restrictions for authorized user. IBM X-Force ID: 269409...
CVE-2022-43904 IBM Security Guardium information disclosure
IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895...
A vulnerability in heroiclabs/nakama, network software for social games and applications, relates to insufficient restrictions on authentication attempts, allowing a perpetrator to gain unauthorized access to protected information.
A vulnerability in heroiclabs/nakama, network software for social games and applications, is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Schneider Electric PowerLogic ION Setup Security Vulnerability
Schneider Electric PowerLogic ION Setup is a free, user-friendly configuration tool from Schneider Electric France. It provides an intuitive environment for setting up and verifying the settings of PowerLogic meters and other devices. A security vulnerability exists in Schneider Electric that ste...
ZOHO ManageEngine ServiceDesk Plus Licensing Issue Vulnerability
ZOHO ManageEngine ServiceDesk Plus (SDP) is a set of ITIL-based IT service management software from ZOHO. The software integrates incident management, issue management, asset management, IT project management, procurement and contract management, etc. An authorization issue vulnerability exists in...
CVE-2020-28206
An issue was discovered in Bitrix24 Bitrix Framework 1c site management 20.0. A "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows...
CVE-2020-7921
A vulnerability was discovered in MongoDB, where an update operation on a user-defined role clears the authenticationRestrictions field that was previously set. This unexpected behavior may remove previous IP-based restrictions configured on a role, thus allowing a user to bypass them once the...
CVE-2020-8790
The CVE-2020-8790 entry concerns the OKLOK 3.1.1 mobile app for the Fingerprint Bluetooth Padlock FB50 (2.3). The root cause described across connected sources is weak password requirements combined with insufficient restriction of repeated authentication attempts, enabling a remote attacker to b...
CVE-2019-12428
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization...
The vulnerability in the web interface of the SINEMA Remote Connect server allows a hacker to gain full access to the system.
The vulnerability of the SINEMA Remote Connect server’s web interface is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow an attacker to gain full access to the system...
Hardcoded credentials
Basware Banking Maksuliikenne 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to...
GLSA-201412-29 : Apache Tomcat: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201412-29 (Apache Tomcat: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact: A remote attacker may be able to cause a Denial of...
Apache Tomcat: Multiple vulnerabilities
Background: Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description: Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact: A remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive...
HP-UX PHCO_43873 : s700_800 11.11 libpam_updbe patch
s700_800 11.11 libpam_updbe patch: A potential security vulnerability has been identified in HP-UX running PAM using libpam_updbe in pam.conf(4). This vulnerability could allow remote users to bypass certain authentication restrictions. References: CVE-2014-7879, SSRT101489.
CVE-2014-5385
The vulnerability CVE-2014-5385 affects Shopizer 1.1.5 and earlier, specifically the class com/salesmanager/central/profile/ProfileAction.java where the authentication mechanism does not enforce a limit on login attempts. Root cause: no restriction on authentication attempts. Impact: enables brut...