12 matches found
CVE-2025-59116
Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. Only version 4.1 was tested and confirmed as vulnerable. This issue was...
CVE-2025-59116 User enumeration in Windu CMS
Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. Only version 4.1 was tested and confirmed as vulnerable. This issue was...
CVE-2022-3217
When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials...
Wave Inspur ClusterEngine Parameter Injection Vulnerability
Wave Inspur ClusterEngine is an application software from China's Wave Corporation. It provides management of jobs submitted by hardware and software in a cluster system. A security vulnerability exists in Inspur ClusterEngine V4.0, which can be exploited by remote attackers to send malicious log...
Fedora 29 : phpMyAdmin (2018-088802878a)
Upstream announcement: The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes. The security fixes involve: - Local file inclusion https://www.phpmyadmin.net/security/PMASA-2018-6/, - XSRF/CSRF...
CVE-2018-7949
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users ...
CVE-2016-4048
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected...
PT-2022-7408 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.0 Description: The issue is related to the use of ticket followups or setup login messages with a stylesheet link in GLPI, which may allow for a cross-site scripting attack vector. This is partially mitigated by th...
F5 Networks BIG-IP : SSH vulnerability (K13600)
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell (SSH). The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. The following platforms a...
CVE-2012-3431
The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack...
[AJECT] NoticeWare IMAP Email Server 4.6.2 DoS vulnerability
Synopsis: NoticeWare Email Server NG 4.6.2 is vulnerable to denial-of-service (DoS) attacks. The IMAP server crashes after receiving several large LOGIN messages. Product: NoticeWare Email Server NG Version: 4.6.3 and...
Problems in ssh1 (remote password brute forcing)
Messages about failed login attempts do not make it into the log file...