17 matches found
CVE-2025-11566
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on the /REST/shutdownnow endpoint...
EUVD-2022-31077
Malicious code in bioql PyPI...
CVE-2020-36710
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2...
CVE-2024-51476
IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...
CVE-2023-35697
Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials...
CVE-2023-35697
Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials...
CVE-2020-36710 WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2...
CVE-2023-29005 No Rate Limiting on Login AUTH DB
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTHRATELIMITED = True, RATELIMITENABLED = True, and setting an AUTHRATELIMIT...
New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices
A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different...
IBM Security Verify Identity Manager 安全漏洞
IBM Security Verify Identity Manager is a security verification identity manager from IBM, USA. A security vulnerability exists in IBM Security Verify Identity Manager version 10.0. A remote attacker could use the vulnerability to brute-force break account credentials...
CVE-2022-26519
There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials...
Design/Logic Flaw
There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials...
Interlogix Hills ComNav 安全漏洞
Interlogix Hills ComNav is a remote access integration module for the Hills Reliance Security Alert System from Interlogix Australia. A security vulnerability exists in Interlogix Hills ComNav that allows a local attacker to brute-force break credentials...
CVE-2021-46366
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery CSRF in order to brute force and exfiltrate users' credentials...
Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices
A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage NAS devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using differe...
CVE-2017-13719
The Amcrest IPM-721S AmcrestIPC-AWXXEngNV2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the credentials as base64 encod...
phpMyAdmin Security Bypass Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A security vulnerability in the libraries/plugins/auth/AuthenticationCookie.class.php script in phpMyAdmin versions 4.3.13.2 prior to 4.3.x and 4.4.14.1 prior to 4.4.x can be exploited by a remote...