Lucene search
+L

26 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-7635

Malware in sbrugna...

9.8CVSS9.2AI score0.01176EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2023-57566

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00653EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/12/22 4:31 p.m.18 views

CVE-2023-49792 Bruteforce protection can be bypassed with misconfigured proxy

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a reverse proxy is configured as truste...

5.3CVSS7AI score0.01041EPSS
Exploits0References3
Nextcloud
Nextcloud
added 2023/12/18 8:27 a.m.71 views

Bruteforce protection can be bypassed with misconfigured proxy

None...

9.8CVSS8.5AI score0.01041EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/11/27 5:15 p.m.26 views

CVE-2023-5239

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...

7.5CVSS0.00653EPSS
Exploits2References1
Prion
Prion
added 2023/11/27 5:15 p.m.17 views

Design/Logic Flaw

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...

5CVSS7AI score0.00653EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/16 7:3 p.m.18 views

CVE-2023-45149 Password of talk conversations can be bruteforced in Nextcloud

Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the...

4.3CVSS4.7AI score0.0048EPSS
Exploits0References3
Hacker One
Hacker One
added 2023/04/19 2:53 p.m.33 views

Nextcloud: user_oidc app is missing bruteforce protection

The useroidc app in Nextcloud was missing bruteforce protection, allowing attackers to iterate over data until they find valid authentication credentials, potentially bypassing authentication...

9.8CVSS8.8AI score0.00854EPSS
Exploits0
Kitploit
Kitploit
added 2022/01/26 8:30 p.m.26 views

Ninjasworkout - Vulnerable NodeJS Web Application

Damn Vulnerable NodeJS Application Quick Start Download the Repo = run npm i Afer Installing all dependency just run the application node app.js or nodemon app.js ADDED BUGS Prototype Pollution No SQL Injection Cross site Scripting Broken Access Control Broken Session Management Weak Regex...

8.8AI score
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/07/21 12:0 a.m.334 views

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1068-1 Rating: important References: 1181445 1181803 1181804 1188247 1188248 1188249 1188250 1188251 1188252 1188253 1188254 1188255 1188256 Cross-References: CVE-2020-8293 CVE-2020-8294 CVE-2020-8295...

9.8CVSS7.2AI score0.02309EPSS
Exploits1References13
Hacker One
Hacker One
added 2021/07/16 2:44 p.m.15 views

Nextcloud: Lack of bruteforce protection for TOTP 2FA

Vulnerability description not provided...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2021/05/27 10:48 a.m.10 views

Nextcloud: Serverinfo endpoints are not bruteforce protected nor are tokens properly generated

The serverinfo app allows accessing the endpoints also via a custom token. https://github.com/nextcloud/serverinfo/blob/9ae9dde028a684e53a1b37c9ba8e964ffe42a97f/lib/Controller/ApiController.phpL121 The token is set/generated via...

1.2AI score
Exploits0
Hacker One
Hacker One
added 2021/05/11 2:23 p.m.50 views

Nextcloud: public webdav endpoint not bruteforce protected

Again related to https://hackerone.com/reports/1173684 I am having some trouble finding the code. However if you do curl -u "RANDOM1:RANDOM2" -X PROPFIND https://server/public.php/webdav And then check your ocbruteforceattempts table. You'll see there is no entry registered. Impact Low just like ...

5CVSS0.3AI score0.01702EPSS
Exploits0
Hacker One
Hacker One
added 2021/05/11 1:56 p.m.36 views

Nextcloud: Add to your nextcloud endpoint is not properly protected

This is related to https://hackerone.com/reports/1173684 The endpoint you hit does have bruteforce protection https://github.com/nextcloud/server/blob/master/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.phpL126 But this is only triggered by finding a share that is password...

5CVSS0.01322EPSS
Exploits0
Hacker One
Hacker One
added 2020/04/21 6:13 a.m.17 views

Brave Software: No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org

There is no bruteforce protection here https://publishers.basicattentiontoken.org/publishers when i try to changes email's contact account. Also the actual thing is when I put an existing email in the above url's "publisherpendingemail" parameter I get an error response status 400 Bad Request But...

7AI score
Exploits0
Hacker One
Hacker One
added 2019/10/30 5:21 p.m.39 views

Mail.ru: Account Takeover at worki.ru

One time code reuse between registration and authentication in combination with insufficient bruterofce protection allowed account access via verification code bruteforce for worki.ru. Common flaws of SMS auth: https://blog.deteact.com/common-flaws-of-sms-auth/...

3.8AI score
Exploits0
Kitploit
Kitploit
added 2019/08/24 9:52 p.m.403 views

IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request

Extension for Burp Suite which uses AWS API Gateway to change your IP on every request. More info: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/ Description This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the...

7.3AI score
Exploits0References3
Packet Storm
Packet Storm
added 2017/04/20 12:0 a.m.66 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dlp.cgi Remote Code Execution

!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerydlprce mrme$ ./poc.py 172.16.175.123 admin + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0root...

10CVSS0.5AI score0.93249EPSS
Exploits16
Packet Storm
Packet Storm
added 2017/04/20 12:0 a.m.65 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution

!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryadminsystimerce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0ro...

0.5AI score0.07204EPSS
Exploits5
Packet Storm
Packet Storm
added 2017/04/20 12:0 a.m.60 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_system.cgi Remote Code Execution

!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerysystemrce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root...

0.5AI score0.06247EPSS
Exploits5
Rows per page
Query Builder