13 matches found
Exploit for CVE-2024-2473
CVE-2024-2473 — WPS Hide Login Page Identifier A profession...
CVE-2023-35698
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt...
PYSEC-2023-52
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...
CVE-2021-33209
An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier...
Design/Logic Flaw
webcalendar before 1.2.7 shows the reason for a failed login e.g., "no such user"...
CVE-2019-19007
Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600...
CVE-2019-19007
Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600...
Login and token disclosure to other Nextcloud services (NC-SA-2019-017)
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications...
CVE-2019-17600
CVE-2019-17600 affects Intelbras IWR 1000N with firmware 1.6.4. The issue is a mishandling of v1/system/user that leads to disclosure of the administrator login name and password. The Red Hat and NVD entries confirm the same vulnerability family; exploitation is referenced in public exploit mater...
Local API Login Credentials Disclosure in paratrooper-pingdom
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process. Vulnerable Code: From: paratrooper-pingdom-1.0.0/lib/paratrooper-pingdom.rb ruby def setupoptions = %xcurl https://api.pingdom.com/api/2.0/checks -X PUT ...
Froxlor 0.9.33.1 MySQL Login Disclosure Vulnerability
Froxlor server management panel versions 0.9.33.1 and below suffer from a MySQL login information disclosure vulnerability. ------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosur...
Froxlor 0.9.33.1 MySQL Login Disclosure
------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure Date: Jul 30 2015 Exploit Author: Dustin Dörr Vendor Homepage: https://www.froxlor.org/ Version:...
AS3FlexDB Database Login Information Disclosure & Remote SQL Excution
Exploit for unknown platform in category web applications ===================================================================== AS3FlexDB Database Login Information Disclosure & Remote SQL Excution =====================================================================...