Lucene search
+L

200 matches found

Node.js
Node.js
added 2019/01/09 1:34 p.m.15 views

Cryptographically Weak PRNG

Overview Affected versions of generate-password generate random values that are biased towards certain characters depending on the chosen character sets. This may result in guessable passwords. Recommendation Update to version 1.4.1 or later. References - GitHub Pull - GitHub Advisory...

6.8AI score
Exploits0Affected Software1
OSV
OSV
added 2018/11/13 2:29 p.m.8 views

CVE-2018-15795

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service...

8.1CVSS5.8AI score0.01304EPSS
Exploits0References2
Prion
Prion
added 2017/09/08 4:29 p.m.14 views

Design/Logic Flaw

Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename...

5CVSS7.5AI score0.01167EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/09/08 4:0 p.m.14 views

CVE-2017-2550

Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename...

7.5AI score0.01167EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/06/29 9:0 p.m.21 views

CVE-2017-10679

Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed...

7.8AI score0.02472EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2016/12/13 12:0 a.m.270 views

MS16-155: Security Update for .NET Framework (3205640)

The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the .NET Framework Data Provider for SQL Server due to improper handling of developer-supplied keys. An unauthenticated, remote attacker can exploit this to disclose...

7.5CVSS7.6AI score0.20008EPSS
Exploits0References2
Hacker One
Hacker One
added 2016/01/02 4:4 p.m.21 views

ownCloud: [https://test1.owncloud.com/owncloud6/] Guessable password used for admin user

On https://test1.owncloud.com/owncloud6/ there is easy to guess password set for admin user. Login with: admin/admin Other instances of owncloud i was able to find on that server have different password set for admin...

Exploits0
CNVD
CNVD
added 2015/05/15 12:0 a.m.8 views

Trend Micro ScanMail for Microsoft Exchange Authentication Bypass Vulnerability

Trend Micro ScanMail for Microsoft Exchange is a virus scanning program for Exchange mail servers. Trend Micro ScanMail for Microsoft Exchange SMEX prior to 10.2 Hot Fix Build 3318 and prior to 11.0 Hot Fix Build 4180 uses a guessable random number generator to generate the session ID of the WEB...

5CVSS6.8AI score0.02302EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.32 views

Standard & Poors ComStock 4.2.4 Machine Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/1080/info Numerous vulnerabilities exist in the ComStock product, as sold by Standard & Poor's. ComStock is based on the RedHat 5.1 distribution, and contains many of the vulnerabilities found in the 5.1 distribution. In...

7.1AI score
Exploits0
Debian
Debian
added 2013/04/04 2:41 p.m.44 views

[BSA-080] Security Update for postgresql-9.1

Package : postgresql-9.1 Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 Debian Bug : 704479 Several vulnerabilities were discovered in PostgreSQL database server. CVE-2013-1899 Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open...

8.5CVSS7.2AI score0.54312EPSS
Exploits4
OpenVAS
OpenVAS
added 2013/04/04 12:0 a.m.37 views

Debian Security Advisory DSA 2657-1 (postgresql-8.4 - guessable random numbers)

A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. OpenVAS Vulnerability Test $Id: deb2657.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2657-1 using nvtg...

8.5CVSS0.1AI score0.54312EPSS
Exploits4References1
Saint
Saint
added 2011/01/05 12:0 a.m.258 views

SSH password weakness

Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

7.5CVSS9.9AI score0.53618EPSS
Exploits41
Saint
Saint
added 2011/01/05 12:0 a.m.80 views

SSH password weakness

Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

7.5CVSS9.6AI score0.53618EPSS
Exploits41
Saint
Saint
added 2011/01/05 12:0 a.m.74 views

SSH password weakness

Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

7.5CVSS9.6AI score0.53618EPSS
Exploits41
RedHat Linux
RedHat Linux
added 2009/05/07 11:45 a.m.8 views

OpenJDK temporary files have guessable file names (6721753)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...

6.4CVSS7.1AI score0.03478EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/01/13 9:33 p.m.4 views

OpenJDK temporary files have guessable file names (6721753)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...

6.4CVSS7.1AI score0.03478EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/12/04 3:45 p.m.7 views

OpenJDK temporary files have guessable file names (6721753)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...

6.4CVSS7.1AI score0.03478EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.6 views

WirelessIP5000 has multiple vulnerabilities

Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...

7.5CVSS6.9AI score0.01532EPSS
Exploits0References5
Cvelist
Cvelist
added 2007/10/23 1:0 a.m.19 views

CVE-2003-1457

Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access...

6.7AI score0.00529EPSS
Exploits0References4
Prion
Prion
added 2007/09/12 7:17 p.m.17 views

Code injection

Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service stamp invalidation via a SOAP request with an id value for a stamp that has not yet been printed...

5CVSS7.2AI score0.01653EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder