22 matches found

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2017-5926

Malware in sbrugna...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01008
Exploits: 1, References: 2

CVE
added 2025/06/16 8:57 p.m., 40 views

CVE-2025-47951

Weblate (localization tool) prior to version 5.12 lacked rate limiting on the second-factor verification endpoint. This allowed an attacker with valid credentials to automate OTP guessing, potentially evading authentication controls. The vulnerability has been fixed in Weblate 5.12 (and patched i...

CVSS: 4.9, AI score: 6.8, EPSS: 0.00217
Exploits: 0, References: 5, Affected Software: 1

RedhatCVE
added 2025/05/22 4:8 a.m., 8 views

CVE-2012-3798

The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks...

CVSS: 5, AI score: 6.8, EPSS: 0.01515
Exploits: 0, References: 1

SUSE CVE
added 2023/02/15 5:33 a.m., 4 views

SUSE CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...

CVSS: 5, AI score: 6.9, EPSS: 0.02147
Exploits: 1, References: 4

Metasploit
added 2021/07/21 5:42 p.m., 269 views

Sage X3 AdxAdmin Login Scanner

This module allows an attacker to perform a password guessing attack against the Sage X3 AdxAdmin service, which in turn can be used to authenticate to a local Windows account. This module implements the X3Crypt function to 'encrypt' any passwords to be used during the authentication process, giv...

CVSS: 5.3, AI score: 7.7, EPSS: 0.35792
Exploits: 6

ATTACKERKB
added 2021/04/13 12:0 a.m., 48 views

CVE-2021-28482

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483. Recent assessments: zeroSteiner at June 03, 2021 1:07pm UTC reported: This vulnerability is a deserialization flaw in Exchange’s...

CVSS: 10, AI score: 1.2, EPSS: 0.83337
Exploits: 4, References: 2

CVE
added 2020/09/18 1:23 p.m., 45 views

CVE-2020-15770

CVE-2020-15770 affects Gradle Enterprise 2018.5. The vulnerability stems from the lack of account lock-out after excessive failed login attempts, enabling repeated password guesses for a local user. Public sources in connected documents corroborate a brute-force risk without lock-out, specificall...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00266
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2020/09/16 4:45 p.m., 1 views

DRUPAL-CORE-2020-011

A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file...

CVSS: 7.5, AI score: 6.9, EPSS: 0.01089
Exploits: 0, References: 1

OSV
added 2020/03/30 8:9 p.m., 3 views

GHSA-2MXR-89GF-RC4V Read permissions not enforced for client provided filter expressions in Elide.

Impact It is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence ...

CVSS: 6.8, AI score: 5.9, EPSS: 0.01251
Exploits: 0, References: 4

Cvelist
added 2017/03/28 2:46 a.m., 22 views

CVE-2016-9124

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users...

AI score: 9.6, EPSS: 0.0223
Exploits: 0, References: 3

The Hacker News
added 2016/12/06 9:31 a.m., 46 views

Experts Explain How Hackers Can Hack Your Credit Cards In Seconds

As India attempts an upgrade to a cashless society, cyber security experts have raised serious concerns and revealed how to find credit card information – including expiration dates and CVV numbers – in just 6 Seconds. And what's more interesting? The hack uses nothing more than guesswork by...

AI score: 6.3
Exploits: 0

ThreatPost
added 2016/12/05 2:10 p.m., 21 views

Distributed Guessing Attack Reels in Payment Card Data

Academics at Newcastle University have proven that an attacker in possession of a minimal amount of existing information can, in an automated way, guess payment card data by exploiting weaknesses in online payment processes. The issue lies in the fact that the global payment system lacks a...

AI score: 7.2
Exploits: 0, References: 2

NVD
added 2016/09/18 2:59 a.m., 13 views

CVE-2016-0922

EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack...

CVSS: 9.8, AI score: 9.3, EPSS: 0.015
Exploits: 0, References: 2

Hacker One
added 2015/10/27 4:47 p.m., 11 views

Revive Adserver: Login page password-guessing attack

Vulnerability description not provided...

CVSS: 9.8, AI score: 9.5, EPSS: 0.0223
Exploits: 0

Prion
added 2015/03/29 10:59 a.m., 11 views

Default credentials

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack...

CVSS: 5, AI score: 7, EPSS: 0.024
Exploits: 0, References: 3, Affected Software: 2

Cvelist
added 2015/03/29 10:0 a.m., 26 views

CVE-2015-0997

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack...

AI score: 6.4, EPSS: 0.024
Exploits: 0, References: 3

Hacker One
added 2014/04/08 6:46 p.m., 213 views

ReddAPI: Login page password-guessing attack

Hello team of Reddapi! Here to report a vulnerability on your site. Affected site: www.reddapi.com Vulnerability: Login page password-guessing attack Severity: Low. Vulnerability description: A brute-force attack is an attempt to discover a password by systematically trying every possible...

AI score: 0.3
Exploits: 0

0day.today
added 2011/03/31 12:0 a.m., 24 views

YaCOMAS 0.3.6 Alpha Multiple Vulnerabilities

Exploit for php platform in category web applications Software: Yacomas 0.3.6 Vendor: http://yacomas.sourceforge.net/ Vuln Type: Multiple Vulnerability Download link: http://patux.net/downloads/yacomas-0.3.6alpha.tar.gz Author: email protected X contact: profesorxatotmail.com Home: www.ccat.edu.m...

AI score: 7.1
Exploits: 0

exploitpack
added 2011/03/30 12:0 a.m., 22 views

YaCOMAS 0.3.6 Alpha - Multiple Vulnerabilities

YaCOMAS 0.3.6 Multiple vulnerability. Software: Yacomas 0.3.6 Vendor: http://yacomas.sourceforge.net/ Vuln Type:...

AI score: 0.3
Exploits: 0

OpenVAS
added 2008/09/25 12:0 a.m., 27 views

Simple Machines Forum (SMF) < 1.1.6 Password Reset Vulnerability

Simple Machines Forum SMF is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 7.5, AI score: 6.5, EPSS: 0.07131
Exploits: 2, References: 4