12 matches found
EUVD-2016-6830
Malware in sbrugna...
EUVD-2005-1747
Malware in sbrugna...
EUVD-2002-0232
Malware in sbrugna...
Synology DiskStation Manager Credentials Management Errors (CVE-2010-3684)
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. This plugin only works with...
CVE-2021-43271
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a when configured to use local, RADIUS, or TACACS authentication logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username...
Cross site scripting
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanc...
Brute Force Attacks
Microsoft.AspNetCore.Identity is vulnerable to brute force attacks. The application does not validate whether the lockout limit for incorrect login attempts has been reached, allowing a malicious user to conduct a brute force attack...
Security feature bypass
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2...
CVE-2016-5896
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser...
Cerber Limit Login Attempts <= 2.0.1.6 - Unauthenticated Stored XSS
If the option "I'm behind a proxy" is enabled, the visitor IP is read from X-Forwarded-For header, stored & printed in the admin panel without any sanitization / validation. Set the X-Forwarded-For header to alert1, and perform an incorrect login...
MGASA-2013-0369 Updated samba package fixes multiple vulnerabilities
Updated samba packages fix security vulnerabilities: Samba before 3.6.22 incorrectly allows login from authenticated users if the require_membership_of parameter of pam_winbind specifies only invalid group names (CVE-2012-6150). It was discovered that multiple buffer overflows in the processing of...
CVE-2005-0296
CVE-2005-0296 affects Novell GroupWise WebAccess. The error handler allows unauthenticated remote reading of sensitive info (e.g., product version) via manipulated error or modify parameters that return template files or the about page. Vendor has disputed the issue. Connected sources provide no ...