Lucene search
K

14 matches found

UbuntuCve
UbuntuCve
added 2026/03/27 12:0 a.m.5 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.8AI score0.00338EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18727

Malware in sbrugna...

6.1CVSS6.3AI score0.00786EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:7 a.m.8 views

CVE-2023-47312

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...

6.5CVSS6.9AI score0.00396EPSS
Exploits1
NVD
NVD
added 2023/11/22 5:15 p.m.21 views

CVE-2023-47312

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...

6.5CVSS0.00396EPSS
Exploits1References1
Prion
Prion
added 2023/11/22 5:15 p.m.19 views

Improper access control

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...

4CVSS7.2AI score0.00396EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/11/22 12:0 a.m.66 views

CVE-2023-47312

CVE-2023-47312 affects Headwind MDM Web panel 5.22.1. The issue is incorrect access control arising from login credential leakage via audit entries, enabling potential elevation of access or disclosure. Root cause details in connected sources indicate credential leakage within audit records as th...

6.5CVSS6.5AI score0.00396EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/11/22 12:0 a.m.25 views

CVE-2023-47312

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...

6.7AI score0.00396EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/28 2:15 p.m.2 views

CVE-2022-30561

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet...

5.9CVSS5.8AI score0.00701EPSS
Exploits0References2
CVE
CVE
added 2021/12/27 6:48 p.m.77 views

CVE-2021-4161

CVE-2021-4161 affects MOXA MGate MB3180/MB3280/MB3480 Series Protocol Gateways. Vulnerable firmware versions include MB3180 (≤2.2), MB3280 (≤4.1), and MB3480 (≤3.2). The flaw allows cleartext transmission of sensitive information, enabling an attacker to sniff traffic and decrypt login credential...

9.8CVSS8.7AI score0.00661EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/03/12 9:29 p.m.4 views

UBUNTU-CVE-2018-7563

An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The...

6.1CVSS6AI score0.01111EPSS
Exploits0References4
myhack58
myhack58
added 2016/08/29 12:0 a.m.14 views

Web Security testing common logic vulnerability analysis(combat article-the vulnerability warning-the black bar safety net

Logic vulnerabilities mining has always been Safety tested in the“timeless”topic. Compared toSQL injection, withXSSthe vulnerability of traditional security holes, and now the attacker is more inclined to use the business logic layer of the application security issues, such issues tend to harm th...

0.5AI score
Exploits0
ThreatPost
ThreatPost
added 2015/06/09 12:27 p.m.9 views

Banking Malware Vawtrak Seen Using Tor2Web

Developers behind the banking Trojan Vawtrak have begun obscuring some of their servers with Tor2Web, a move that’s added another degree of difficulty when it comes to uncovering their activity. To this point the malware’s techniques – its evolution beyond banking websites, ability to break...

1.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2014/06/16 10:52 a.m.19 views

Dyreza Banker Trojan Seen Bypassing SSL

Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at ...

0.7AI score
Exploits0References2
securityvulns
securityvulns
added 2004/08/30 12:0 a.m.22 views

[SA12366] iChain Multiple Vulnerabilities

TITLE: iChain Multiple Vulnerabilities SECUNIA ADVISORY ID: SA12366 VERIFY ADVISORY: http://secunia.com/advisories/12366/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of system information, DoS WHERE: From remote SOFTWARE: Novell iChain 2.x...

0.5AI score
Exploits0
Rows per page
Query Builder