24 matches found
CVE-2024-41682
A vulnerability has been identified in Location Intelligence family All versions V4.4. Affected products do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute force attacks against legitimate user passwords...
EUVD-2001-1527
Malware in sbrugna...
EUVD-2009-2593
Malware in sbrugna...
EUVD-2005-4443
Malware in sbrugna...
EUVD-2018-0765
Malware in sbrugna...
EUVD-2020-7324
Malware in sbrugna...
EUVD-2001-0886
Malware in sbrugna...
EUVD-2010-4723
Malware in sbrugna...
EUVD-2023-32660
Malicious code in bioql PyPI...
EUVD-2023-23388
Malicious code in bioql PyPI...
CVE-2025-49195
The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server...
CVE-2025-32788 OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
CVE-2025-27507
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While...
RockyLinux 8 : php:7.4 (RLSA-2024:10952)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10952 advisory. php: 1-byte array overrun in common path resolve code (CVE-2023-0568); php: Password_verify() always return true with some hash (CVE-2023-0567); php: Missing err...
CVE-2024-34162
The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As...
The evolution of MFA authentication technology and what needs to change next
Authentication attacks are big business, and no one is immune from them. In fact, two men were recently arrested and charged in the Twitter employee account compromise that happened in July 2020. Using employee account credentials, the attackers took over several highly visible celebrity Twitter...
CVE-2012-4381
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remo...
PostNuke 0.76 RC4b Comments Module - 'moderate' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. This can lead to theft of cookie-based authentication credentials, as well as oth...
[ GLSA 200405-16 ] Multiple XSS Vulnerabilities in SquirrelMail
Gentoo Linux Security Advisory GLSA 200405-16 http://security.gentoo.org/ ...
PHP 4.x session spoofing
Hi, +-------------------+ | What are sessions | +-------------------+ A session ID is required to identify people. It is passed over to the browser and then is either part of the url or is stored as a cookie. With every request the browser also sends this ID over to the server which makes is...