17 matches found
CVE-2025-66289
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...
UBUNTU-CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...
How to disable 'Delete account' option within Secure Hub
To disable the "Delete account" option within the Secure Hub for the environment with Auto Discovery Services (ADS) enabled. Note: This can be done only for the environments with Auto Discovery Services (ADS) enabled...
Default Password 'f****r' for 'mother' Account
The account 'mother' on the remote host has the default password 'f****r'. A remote attacker can exploit this issue to gain administrative access to the affected system. Note that this username / password combination was found in the leaked source from the Mirai botnet. The password has been masked i...
Default Password (gforge) for 'root' Account
The account 'root' on the remote host has the password 'gforge'. An attacker may leverage this issue to gain total control of the affected system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "root"; password = "gforge"; include('deprecated_nasl_level.inc'); include('compat.inc'); if...
MailEnable Enterprise 2.0 - ASP Multiple Vulnerabilities
MailEnable Enterprise 2.0 - ASP Multiple Vulnerabilities Hi, I'm Soroush Dalili from GrayHatz Security Group (GSG). I found multiple bugs in MailEnable Enterprise Edition ASP Version POSTOFFICE -----------------------End---------------------------- 2 Authenticated normal user can gain ADMIN or...
Sybase SQL sa Account Blank Password
The remote Sybase SQL server has the default 'sa' account enabled without any password. An attacker may use this flaw to execute commands against the remote host as well as read database content. (C) Tenable Network Security, Inc. This script is based on mssql_blank_password.nasl which is (C) H D Moore...
Unpassworded 'bash' Backdoor Account
The account 'bash' has no password set. An attacker may use it to gain further privileges on this system. This account was likely created by a backdoor installed by a fake Linux RedHat patch. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc...
Unpassworded 'lp' Account
The account 'lp' has no password set. An attacker may use this to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "lp"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11246); script_version("1.36");...
Unpassworded 'jack' Account
The account 'jack' has no password set. An attacker may use this to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "jack"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11249); script_version("1.35");...
Unpassworded 'tutor' Account
The account 'tutor' has no password set. An attacker may use this to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "tutor"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11251); script_version("1.34");...
Unpassworded 'guest' Account
The account 'guest' has no password set. An attacker may use it to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "guest"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11240); script_version("1.35");...
Unpassworded '4Dgifts' Account
The account '4Dgifts' has no password set. An attacker may use it to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11243); script_version("1.37");...
Unpassworded 'hax0r' Account
The account 'hax0r' has no password set. An attacker may use this to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "hax0r"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11253); script_version("1.36");...
Unpassworded 'EZsetup' Account
The account 'EZsetup' has no password set. An attacker may use it to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "EZsetup"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11241); script_version("1.36");...
Default Password (satori) for 'rewt' Account
The account 'rewt' has the password 'satori'. An attacker may use this to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "rewt"; password = "satori"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11265);...
Unpassworded 'backdoor' Account
The account 'backdoor' has no password set. An attacker may use it to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11250); script_version("1.37");...