22 matches found
EUVD-2017-5926
Malware in sbrugna...
CVE-2025-47951
Weblate (localization tool) prior to version 5.12 lacked rate limiting on the second-factor verification endpoint. This allowed an attacker with valid credentials to automate OTP guessing, potentially evading authentication controls. The vulnerability has been fixed in Weblate 5.12 (and patched i...
CVE-2012-3798
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks...
SUSE CVE-2013-7252
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...
Sage X3 AdxAdmin Login Scanner
This module allows an attacker to perform a password guessing attack against the Sage X3 AdxAdmin service, which in turn can be used to authenticate to a local Windows account. This module implements the X3Crypt function to 'encrypt' any passwords to be used during the authentication process, giv...
CVE-2021-28482
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483. Recent assessments: zeroSteiner at June 03, 2021 1:07pm UTC reported: This vulnerability is a deserialization flaw in Exchange’s...
CVE-2020-15770
CVE-2020-15770 affects Gradle Enterprise 2018.5. The vulnerability stems from the lack of account lock-out after excessive failed login attempts, enabling repeated password guesses for a local user. Public sources in connected documents corroborate a brute-force risk without lock-out, specificall...
DRUPAL-CORE-2020-011
A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file...
GHSA-2MXR-89GF-RC4V Read permissions not enforced for client provided filter expressions in Elide.
Impact It is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence ...
CVE-2016-9124
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users...
Experts Explain How Hackers Can Hack Your Credit Cards In Seconds
As India attempts an upgrade to a cashless society, cyber security experts have raised serious concerns and revealed how to find credit card information – including expiration dates and CVV numbers – in just 6 Seconds. And what's more interesting? The hack uses nothing more than guesswork by...
Distributed Guessing Attack Reels in Payment Card Data
Academics at Newcastle University have proven that an attacker in possession of a minimal amount of existing information can, in an automated way, guess payment card data by exploiting weaknesses in online payment processes. The issue lies in the fact that the global payment system lacks a...
CVE-2016-0922
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack...
Revive Adserver: Login page password-guessing attack
Vulnerability description not provided...
Default credentials
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack...
CVE-2015-0997
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack...
ReddAPI: Login page password-guessing attack
Hello team of Reddapi! Here to report a vulnerability on your site. Affected site: www.reddapi.com Vulnerability: Login page password-guessing attack Severity:Low. Vulnerability description: A brute-force attack is an attempt to discover a password by systematically trying every possible...
YaCOMAS 0.3.6 Alpha Multiple Vulnerabilities
Exploit for php platform in category web applications Software: Yacomas 0.3.6 Vendor: http://yacomas.sourceforge.net/ Vuln Type: Multiple Vulnerability Download link: http://patux.net/downloads/yacomas-0.3.6alpha.tar.gz Author: email protected X contact: profesorxatotmail.com Home: www.ccat.edu.m...
YaCOMAS 0.3.6 Alpha - Multiple Vulnerabilities
YaCOMAS 0.3.6 Alpha - Multiple Vulnerabilities =================================================================== YaCOMAS 0.3.6 Multiple vulnerability =================================================================== Software: Yacomas 0.3.6 Vendor: http://yacomas.sourceforge.net/ Vuln Type:...
Simple Machines Forum (SMF) < 1.1.6 Password Reset Vulnerability
Simple Machines Forum SMF is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...