CVE-2023-4625

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period...

Oracle Linux 8 : grafana (ELSA-2023-2784)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2784 advisory. - resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in - resolve CVE-2022-27664 golang: net/http: handle...

Semmle: the login blocking mechanism does not work correctly

Summary: The login block mechanism does not work correctly because it blocks the login for 1 minute and allows you to sign in again many times with specific pattern by allowing login 2 or 3 times after 1 minute Exploitation 1. open https://lgtm-com.pentesting.semmle.net/ 2. try to login with vali...