200 matches found
Cryptographically Weak PRNG
Overview Affected versions of generate-password generate random values that are biased towards certain characters depending on the chosen character sets. This may result in guessable passwords. Recommendation Update to version 1.4.1 or later. References - GitHub Pull - GitHub Advisory...
CVE-2018-15795
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service...
Design/Logic Flaw
Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename...
CVE-2017-2550
Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename...
CVE-2017-10679
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed...
MS16-155: Security Update for .NET Framework (3205640)
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the .NET Framework Data Provider for SQL Server due to improper handling of developer-supplied keys. An unauthenticated, remote attacker can exploit this to disclose...
ownCloud: [https://test1.owncloud.com/owncloud6/] Guessable password used for admin user
On https://test1.owncloud.com/owncloud6/ there is easy to guess password set for admin user. Login with: admin/admin Other instances of owncloud i was able to find on that server have different password set for admin...
Trend Micro ScanMail for Microsoft Exchange Authentication Bypass Vulnerability
Trend Micro ScanMail for Microsoft Exchange is a virus scanning program for Exchange mail servers. Trend Micro ScanMail for Microsoft Exchange SMEX prior to 10.2 Hot Fix Build 3318 and prior to 11.0 Hot Fix Build 4180 uses a guessable random number generator to generate the session ID of the WEB...
Standard & Poors ComStock 4.2.4 Machine Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/1080/info Numerous vulnerabilities exist in the ComStock product, as sold by Standard & Poor's. ComStock is based on the RedHat 5.1 distribution, and contains many of the vulnerabilities found in the 5.1 distribution. In...
[BSA-080] Security Update for postgresql-9.1
Package : postgresql-9.1 Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 Debian Bug : 704479 Several vulnerabilities were discovered in PostgreSQL database server. CVE-2013-1899 Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open...
Debian Security Advisory DSA 2657-1 (postgresql-8.4 - guessable random numbers)
A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. OpenVAS Vulnerability Test $Id: deb2657.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2657-1 using nvtg...
SSH password weakness
Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...
SSH password weakness
Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...
SSH password weakness
Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...
OpenJDK temporary files have guessable file names (6721753)
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...
OpenJDK temporary files have guessable file names (6721753)
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...
OpenJDK temporary files have guessable file names (6721753)
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
CVE-2003-1457
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access...
Code injection
Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service stamp invalidation via a SOAP request with an id value for a stamp that has not yet been printed...