Lucene search
K

82 matches found

OSV
OSV
added 2017/11/27 10:29 a.m.2 views

UBUNTU-CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

8.1CVSS7.4AI score0.02606EPSS
Exploits0References4
Prion
Prion
added 2017/10/13 5:29 p.m.19 views

Design/Logic Flaw

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery CSRF, default authentication credentials, information leak and command injection attack vectors. A...

7.5CVSS8.8AI score0.02295EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/10/13 5:0 p.m.26 views

CVE-2016-1265 Junos Space: privilege escalation vulnerabilities in Junos Space

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery CSRF, default authentication credentials, information leak and command injection attack vectors. A...

9.8CVSS10AI score0.02295EPSS
Exploits0References1
NVD
NVD
added 2017/10/05 5:29 p.m.14 views

CVE-2016-8937

The IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750...

9.8CVSS9.1AI score0.01898EPSS
Exploits0References2
OSV
OSV
added 2017/10/05 5:29 p.m.2 views

CVE-2016-8937

The IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750...

9.8CVSS5.8AI score0.01898EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2017/01/26 12:0 a.m.8 views

The vulnerability of the CODESYS Runtime Toolkit execution environment allows a perpetrator to execute arbitrary commands and load arbitrary files.

The vulnerability of the CODESYS Runtime Toolkit lies in the absence of requirements for authentication procedures in the default configuration. Exploiting this vulnerability allows a malicious actor to execute commands through the command line interface and upload arbitrary files...

10CVSS5.8AI score0.05266EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/06/29 12:0 a.m.20 views

Juniper Junos Space < 15.1R3 Multiple Vulnerabilities (JSA10727)

According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R3. It is, therefore, affected by multiple unspecified vulnerabilities, including cross-site request forgery XSRF, default authentication credentials, information disclosure, and...

9.8CVSS9.1AI score0.02295EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2015/11/20 12:0 a.m.87 views

ZTE ZXHN H108N R1A / ZXV10 W300 Routers - Multiple Vulnerabilities

Exploit Title: ZTE ZXHN H108N R1A + ZXV10 W300 routers - multiple vulnerabilities Discovered by: Karn Ganeshen CERT VU 391604 Vendor Homepage: www.zte.com.cn Versions Reported ZTE ZXHN H108N R1A - Software version ZTE.bhs.ZXHNH108NR1A ZTE ZXV10 W300 - Software version - w300v1.0.0fER1PE Overview...

10CVSS7AI score0.1554EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2015/10/21 12:0 a.m.8 views

The vulnerability of Schneider Electric’s Quantum Ethernet Module allows a remote intruder to gain privileged access to the system.

The vulnerability of Schneider Electric’s Quantum Ethernet Module is related to the presence of rigidly encrypted data for default authentication through ports such as TELNET, FTP, or Windriver Debug for accounts like AUTCSE, AUTCSE, fdrusers, ftpuser, loader, nic2212, nimrohs2212, nip2212,...

10CVSS7.8AI score0.0404EPSS
Exploits1References7
seebug.org
seebug.org
added 2014/10/10 12:0 a.m.34 views

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

No description provided by source. DrayTek VigorACS SI = 1.3.0 Vigor ACS-SI Edition is a Central Management System for DrayTek routers and firewalls, providing System Integrators or system administration personnel a real-time integrated monitoring, configuration and management platform...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/10/09 12:0 a.m.34 views

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

DrayTek VigorACS SI versions 1.3.0 and below suffer from local file inclusion, remote file upload, file write, and default login vulnerabilities. DrayTek VigorACS SI /ACSServer/ We found that most of the VigorACS SI deployments are using the default http authentication settings acs/password. This...

6.9AI score
Exploits0
Exploit DB
Exploit DB
added 2014/10/09 12:0 a.m.42 views

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

DrayTek VigorACS SI /ACSServer/ We found that most of the VigorACS SI deployments are using the default http authentication settings acs/password. This is not so much a software vulnerability but more a configuration issue. 2.2 Unauthenticated arbitrary file read/write functionality via...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/09/30 12:0 a.m.54 views

Moab Insecure Message Signing Authentication Bypass

Moab Authentication Bypass insecure message signing : CVE-2014-5376 Software: Moab Affected Versions: Dependent on configuration, can affect all versions of Moab including Moab 8 CVE Reference: CVE-2014-5376 Author: John Fitzpatrick, Luke Jennings MWR Labs http://labs.mwrinfosecurity.com/ Severit...

4CVSS0.7AI score0.0168EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2013/01/24 6:28 p.m.4 views

JBoss invoker servlets do not require authentication

The 1 JMXInvokerHAServlet and 2 EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

6.8CVSS6.6AI score0.15561EPSS
Exploits1References4
Metasploit
Metasploit
added 2011/03/11 5:37 p.m.9 views

Accellion FTA MPIPE2 Command Execution

This module exploits a chain of vulnerabilities in the Accellion File Transfer appliance. This appliance exposes a UDP service on port 8812 that acts as a gateway to the internal communication bus. This service uses Blowfish encryption for authentication, but the appliance ships with two easy to...

7.9AI score
Exploits0
CERT
CERT
added 2010/08/02 12:0 a.m.51 views

Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)

Overview The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. Description An attacker with a known username and access to a...

7.8CVSS6.7AI score0.01716EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2009/10/01 3:30 p.m.2 views

CVE-2009-0209

PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors...

6.4CVSS5.6AI score0.00669EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.5 views

Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication

Overview The web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE disables authentication in the default configuration. The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN...

7.5CVSS7AI score
Exploits0References3
securityvulns
securityvulns
added 2005/06/28 12:0 a.m.84 views

[VulnWatch] Blank Administrator password in DELL XP Professional install

Vulnerability in DELL Windows XP Professional - default hidden Administrator account allows local Administrator access Systems: DELLtm Laptops with Windowstm; Professional Vulnerable: DELL Laptops with pre installed Microsoft Windows XP Professional SP2 Not Vulnerable: DELL Laptops with Retail...

7.5CVSS6.1AI score0.63703EPSS
Exploits13
NVD
NVD
added 2004/12/31 5:0 a.m.20 views

CVE-2004-2298

Novell Internet Messaging System NIMS 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator...

6.4CVSS6.8AI score0.01508EPSS
Exploits0References3
Rows per page
Query Builder