Medicine Tracker System 1.0 Insecure Settings
Title: Medicine Tracker System v1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox 125.0.1 6...
Improper Authentication
github.com/rancher/rancher is vulnerable to Improper Authentication. The vulnerability is due to the default admin user being recreated with a well-known password after Rancher restarts...
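The Rancher entry above describes a bootstrap routine that recreates the default admin with a well-known password on every restart. The Go program below is an added example written for this page, not Rancher's code; the User and Store types and both ensureAdmin functions are assumptions made for illustration. It contrasts a bootstrap that always rewrites the admin record with an idempotent one that creates the account only when it is missing, gives it a random password, and flags it for mandatory rotation on first login.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// User is a minimal account record assumed for this example (not Rancher's
// data model). The password is kept in plaintext only to keep the example
// short; real code stores a hash.
type User struct {
	Name               string
	Password           string
	MustChangePassword bool
}

// Store is an in-memory stand-in for the database the bootstrap reads at start-up.
type Store map[string]*User

// ensureAdminInsecure follows the pattern the Rancher entry describes: every
// start-up (re)creates "admin" with a well-known password, so a restart
// silently undoes any password change the operator made.
func ensureAdminInsecure(s Store) *User {
	u := &User{Name: "admin", Password: "admin"}
	s["admin"] = u
	return u
}

// randomPassword returns 24 random bytes, base64url-encoded (32 characters).
func randomPassword() (string, error) {
	b := make([]byte, 24)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// ensureAdminSafe is idempotent: it creates the bootstrap admin only if no
// such account exists, gives it a random password, flags it for mandatory
// rotation on first login, and never touches an existing account. The bool
// reports whether the account was created on this call.
func ensureAdminSafe(s Store) (*User, bool, error) {
	if u, ok := s["admin"]; ok {
		return u, false, nil
	}
	pw, err := randomPassword()
	if err != nil {
		return nil, false, err
	}
	u := &User{Name: "admin", Password: pw, MustChangePassword: true}
	s["admin"] = u
	return u, true, nil
}

func main() {
	// Insecure: the operator rotates the password, the process restarts,
	// and the well-known password is back.
	bad := Store{}
	ensureAdminInsecure(bad)
	bad["admin"].Password = "operator-chose-this"
	ensureAdminInsecure(bad) // simulated restart
	fmt.Println("insecure bootstrap after restart:", bad["admin"].Password)

	// Safe: the second run finds the account and leaves it alone.
	good := Store{}
	u, _, err := ensureAdminSafe(good)
	if err != nil {
		panic(err)
	}
	fmt.Println("generated one-time password:", u.Password)
	u.Password, u.MustChangePassword = "operator-chose-this", false
	ensureAdminSafe(good) // simulated restart
	fmt.Println("safe bootstrap after restart:", good["admin"].Password)
}
```

The check a practitioner wants here is the second call: after an operator has rotated the bootstrap password, a restart must be a no-op on the admin record, and a freshly created admin must never carry a password that appears in documentation.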
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
When accessing the install.php script, it is possible to extract any pre-configured database or default admin account password by viewing the page source and inspecting the value attribute of the password fields...
PT-2024-40446 · Packagist · Silverstripe/Framework
Affected software and versions: not stated in this entry. Description: the issue allows extraction of pre-configured database or default admin account passwords by viewing the source of the page and inspecting the value attribute of the password fields when...
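As an added check for the install.php issue in the two entries above (example code written for this page, not Silverstripe's own; the sample form, the attribute parser and the function names are constructed assumptions): scan a setup page for password inputs whose value attribute is pre-filled, which is exactly what an attacker reads out of the page source, and render the field the way that does not disclose it.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
)

// installPage is a constructed stand-in for a setup form that pre-fills
// credential fields the way the Silverstripe entry describes; it is not the
// real install.php output.
const installPage = `<form method="post">
  <input type="text" name="db[username]" value="ss_app">
  <input type="password" name="db[password]" value="Sup3r$ecret">
  <input type="text" name="admin[username]" value="admin">
  <input type='password' name='admin[password]' value='letmein'>
  <input type="password" name="admin[password2]" value="">
  <input type="password" name="confirm" placeholder="repeat">
</form>`

var (
	inputTag = regexp.MustCompile(`(?is)<input\b[^>]*>`)
	attrPair = regexp.MustCompile(`(?is)\b([a-z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))`)
)

// attrs reduces one <input ...> tag to a lower-cased attribute map. A small
// regex parser is enough for a scan like this; a real tool would use an HTML
// tokenizer.
func attrs(tag string) map[string]string {
	m := map[string]string{}
	for _, g := range attrPair.FindAllStringSubmatch(tag, -1) {
		m[strings.ToLower(g[1])] = g[2] + g[3] + g[4] // only one alternative is non-empty
	}
	return m
}

// LeakedPasswordFields returns the names of password inputs whose value
// attribute is non-empty: exactly the secrets visible in the page source.
func LeakedPasswordFields(page string) []string {
	var leaked []string
	for _, tag := range inputTag.FindAllString(page, -1) {
		a := attrs(tag)
		if strings.EqualFold(a["type"], "password") && a["value"] != "" {
			leaked = append(leaked, a["name"])
		}
	}
	return leaked
}

// RenderPasswordInput is the safe rendering: a password field is emitted
// empty even when the server already knows the value, so a re-submitted form
// has to carry it again rather than the page disclosing it.
func RenderPasswordInput(name string) string {
	return fmt.Sprintf(`<input type="password" name="%s" value="" autocomplete="new-password">`, html.EscapeString(name))
}

func main() {
	for _, n := range LeakedPasswordFields(installPage) {
		fmt.Println("password disclosed in page source:", n)
	}
	fmt.Println(RenderPasswordInput("admin[password]"))
}
```

Run against a real installer page, the scanner reports db[password] and admin[password] for the constructed sample; the empty and value-less password fields are not reported, and the safe rendering produces nothing to report.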
GHSA-8V6M-7F5V-HHX6 Silverstripe Brute force bypass on default admin
Default Administrator accounts were not subject to the same brute-force protection afforded to other Member accounts. Failed login counts were not logged for default admins, resulting in unlimited attempts on the default admin username and password...
PT-2024-40204 · Packagist · Silverstripe/Framework
Affected software and versions: not stated in this entry. Description: the issue concerns default Administrator accounts not having the same brute-force protection as other Member accounts. Specifically, failed login counts were not logged for default admin...
Booking.com: Default Admin Account lead to full access control at https://desk-demo.fareharbor.engineering
1. Log in to the application at https://desk-demo.fareharbor.engineering/login with [email protected], password: test (F3271060). 2. Realizing that the login is successful, the attacker can use all functions in the application (F3271059). Impact: the attacker can use all admin functions...
PT-2024-5340 · Adtran · Adtran Srg 834-5
Affected software and versions: AdTran SRG 834-5 devices with SmartOS versions prior to 12.1.3.1. Description: the issue stems from hardcoded credentials in the SSH service of the affected devices, which allow a remote attacker to execute arbitrary operating...
GHSA-2VGG-9H6W-M454 Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Summary An attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined with other vulnerabilities to attack the default admin account. This flaw undermines a previously patched CVE...
CVE-2024-21662 Argo CD vulnerable to Bypassing of Rate Limit and Brute Force Protection Using Cache Overflow
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combine...
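The Silverstripe brute-force entry (failed logins not counted for the default admin) and the Argo CD entry (failure counters held in a bounded cache that an attacker can overflow) are two ways a lockout is sidestepped. The Go program below is an added illustration for this page, not code from either project; WeakLockout, StrictLockout, the LRU counter and the flood helper are constructed for the example, and StrictLockout is one possible mitigation rather than either project's actual fix.

```go
package main

import (
	"container/list"
	"fmt"
)

const maxFailures = 5

// lruCounter: bounded username -> failed-login count with LRU eviction; a
// stand-in for an evictable cache, constructed for this example.
type lruCounter struct {
	cap    int
	order  *list.List // front = most recently touched; element values are usernames
	elem   map[string]*list.Element
	counts map[string]int // a username never seen or already evicted reads as 0
}

func newLRUCounter(capacity int) *lruCounter {
	return &lruCounter{cap: capacity, order: list.New(), elem: map[string]*list.Element{}, counts: map[string]int{}}
}

func (c *lruCounter) incr(user string) {
	if e, ok := c.elem[user]; ok {
		c.counts[user]++
		c.order.MoveToFront(e)
		return
	}
	if c.order.Len() >= c.cap { // full: drop the least recently touched entry
		oldest := c.order.Remove(c.order.Back()).(string)
		delete(c.elem, oldest)
		delete(c.counts, oldest)
	}
	c.elem[user] = c.order.PushFront(user)
	c.counts[user] = 1
}

// WeakLockout reproduces both bypasses: the default admin is never counted
// (Silverstripe) and everyone else lives in the evictable cache (Argo CD).
type WeakLockout struct{ failures *lruCounter }

func (w *WeakLockout) Locked(user string) bool {
	return user != "admin" && w.failures.counts[user] >= maxFailures // admin exempt from the check
}

func (w *WeakLockout) RecordFailure(user string) {
	if user != "admin" { // admin failures are never logged
		w.failures.incr(user)
	}
}

// StrictLockout is one hardened design assumed here, not either project's fix:
// counts for existing accounts (default admin included) are never evicted, and
// attempts against unknown usernames share one bucket, so junk names can
// neither displace a real counter nor escape throttling.
type StrictLockout struct {
	known           map[string]bool
	failures        map[string]int
	unknownAttempts int
}

func (s *StrictLockout) Locked(user string) bool {
	if !s.known[user] {
		return s.unknownAttempts >= maxFailures
	}
	return s.failures[user] >= maxFailures
}

func (s *StrictLockout) RecordFailure(user string) {
	if !s.known[user] {
		s.unknownAttempts++
		return
	}
	s.failures[user]++
}

type lockout interface {
	Locked(string) bool
	RecordFailure(string)
}

// floodWith submits one failed login for each of n distinct junk usernames.
func floodWith(l lockout, n int) {
	for i := 0; i < n; i++ {
		l.RecordFailure(fmt.Sprintf("junk-%d", i))
	}
}

func main() {
	weak := &WeakLockout{newLRUCounter(100)}
	strict := &StrictLockout{known: map[string]bool{"admin": true, "alice": true}, failures: map[string]int{}}
	for _, l := range []lockout{weak, strict} {
		for i := 0; i < maxFailures; i++ {
			l.RecordFailure("admin")
			l.RecordFailure("alice")
		}
		floodWith(l, 100) // enough distinct junk names to overflow the weak cache
		fmt.Printf("%T after flood: admin locked=%v alice locked=%v\n", l, l.Locked("admin"), l.Locked("alice"))
	}
}
```

With the weak policy, admin is never locked, and alice, locked after five failures, is unlocked again once 100 junk usernames have pushed her entry out of the cache. With the strict policy both stay locked and the junk names themselves trip the shared bucket.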
VulnCheck KEV: CVE-2024-22770
Improper Input Validation in Hitron Systems DVR HVR-16781 1.034.02 allows an attacker to mount a network attack when the default admin ID/PW is in use...
VulnCheck KEV: CVE-2024-22768
Improper Input Validation in Hitron Systems DVR HVR-4781 1.034.02 allows an attacker to mount a network attack when the default admin ID/PW is in use...
VulnCheck KEV: CVE-2024-22772
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.024.02 allows an attacker to mount a network attack when the default admin ID/PW is in use...
VulnCheck KEV: CVE-2024-22771
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.024.02 allows an attacker to mount a network attack when the default admin ID/PW is in use...
CVE-2024-23842
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.024.02 allows an attacker to mount a network attack when the default admin ID/PW is in use...
CVE-2024-22772
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.024.02 allows an attacker to mount a network attack when the default admin ID/PW is in use...
CVE-2024-22770
Improper Input Validation in Hitron Systems DVR HVR-16781 1.034.02 allows an attacker to mount a network attack when the default admin ID/PW is in use...
CVE-2024-22771
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.024.02 allows an attacker to mount a network attack when the default admin ID/PW is in use...