
12 matches found

OSV
added 2025/11/18 3:16 p.m. · 10 views

CVE-2025-59116

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. Only version 4.1 was tested and confirmed as vulnerable. This issue was...

5.3 CVSS · 5.8 AI score · 0.00213 EPSS
Exploits: 0 · References: 2
Cvelist
added 2025/11/18 1:26 p.m. · 8 views

CVE-2025-59116 User enumeration in Windu CMS

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. Only version 4.1 was tested and confirmed as vulnerable. This issue was...

6.9 CVSS · 0.00213 EPSS
Exploits: 0 · References: 2
OSV
added 2022/09/16 10:15 p.m. · 3 views

CVE-2022-3217

When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials...

7.5 CVSS · 5.8 AI score · 0.01127 EPSS
Exploits: 1 · References: 1
CNNVD
added 2021/02/22 12:0 a.m. · 8 views

Wave Inspur ClusterEngine Parameter Injection Vulnerability

Wave Inspur ClusterEngine is an application software from China's Wave Corporation. It provides management of jobs submitted by hardware and software in a cluster system. A security vulnerability exists in Inspur ClusterEngine V4.0, which can be exploited by remote attackers to send malicious log...

10 CVSS · 7.3 AI score · 0.38745 EPSS
Exploits: 1 · References: 3
Tenable Nessus
added 2019/01/03 12:0 a.m. · 21 views

Fedora 29 : phpMyAdmin (2018-088802878a)

Upstream announcement : The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes. The security fixes involve : - Local file inclusion https://www.phpmyadmin.net/security/PMASA-2018-6/, - XSRF/CSRF...

5.5 AI score
Exploits: 0 · References: 2
NVD
added 2018/06/01 2:29 p.m. · 28 views

CVE-2018-7949

The iBMC Intelligent Baseboard Management Controller of some Huawei servers has a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users ...

8.8 CVSS · 8.9 AI score · 0.01119 EPSS
Exploits: 0 · References: 1
OSV
added 2016/12/15 6:59 a.m. · 3 views

CVE-2016-4048

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected...

4.3 CVSS · 5.9 AI score · 0.01159 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2016/08/25 12:0 a.m. · 6 views

PT-2022-7408 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.0 Description: The issue is related to the use of ticket followups or setup login messages with a stylesheet link in GLPI, which may allow for a cross-site scripting attack vector. This is partially mitigated by th...

10 CVSS · 6.1 AI score · 0.99628 EPSS
Exploits: 32 · References: 130
Tenable Nessus
added 2014/10/10 12:0 a.m. · 60 views

F5 Networks BIG-IP : SSH vulnerability (K13600)

A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. The following platforms a...

5.6 AI score
Exploits: 0 · References: 2
NVD
added 2012/11/23 8:55 p.m. · 20 views

CVE-2012-3431

The Teiid Java Database Connectivity JDBC socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle MITM attack...

4.3 CVSS · 6.5 AI score · 0.01763 EPSS
Exploits: 0 · References: 4
securityvulns
added 2008/08/08 12:0 a.m. · 33 views

[AJECT] NoticeWare IMAP Email Server 4.6.2 DoS vulnerability

Synopsis: NoticeWare Email Server NG 4.6.2 is vulnerable to denial-of-service DoS attacks. The IMAP server crashes after receiving several large LOGIN messages. Product: NoticeWare Email Server NG. Version: 4.6.3 and...

2.2 AI score
Exploits: 0
securityvulns
added 2001/02/06 12:0 a.m. · 26 views

Problems in ssh1 (remote password brute forcing)

Messages about failed login attempts do not reach the log file...

1.1 AI score
Exploits: 0 · References: 1 · Affected Software: 1