Authelia security vulnerability
Authelia is an open source single sign-on multi-factor portal for web applications by Authelia. A security vulnerability exists in Authelia versions prior to 4.38.19, which stems from a flaw in the login restriction mechanism, leading to an increased risk of brute force break-in...
PT-2024-30268 · Pluck Cms · Pluck Cms
Name of the Vulnerable Software and Affected Versions: Pluck CMS version 4.7.18 Description: The issue allows attackers to execute a brute force attack due to the lack of restriction on failed login attempts. Recommendations: For Pluck CMS version 4.7.18, consider implementing a custom restrictio...
Weak Password Policy while creating a new User with the Admin Account
Hello, I was able to detect a weak Password Policy while allowing an administrator to create a new account. Let's create an account, set the Password to 1 and log in with it. As you can see, it's the number 1. When I click set, it will not accept. We need to specify that the user will change his password aft...
PT-2022-24376 · Safe · Fme Server
Name of the Vulnerable Software and Affected Versions: Safe Software FME Server versions prior to v2022.0.1.1 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page, specifically through a cross-site scripting XSS...
PT-2022-24560 · Transtek · Transtek Mojodat Fam
Name of the Vulnerable Software and Affected Versions: Transtek Mojodat FAM Fixed Asset Management version 2.4.6 Description: The issue allows remote attackers to fetch cleartext passwords upon a successful login request. This is related to the mobile application in Transtek Mojodat FAM...
PT-2022-10466 · Hitachi Energy · Txpert Hub Coretec 4
Name of the Vulnerable Software and Affected Versions: Hitachi Energy TXpert Hub CoreTec 4 versions 2.0.0 through 2.2.1 Description: A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the...
PT-2020-15601 · Kabir Alhasan · Kabir Alhasan Student Management System
Name of the Vulnerable Software and Affected Versions: Kabir Alhasan Student Management System version 1.0 Description: The issue allows for Authentication Bypass. An attacker can exploit this by using a specific combination of username and password, such as 'admin', to bypass authentication...
CVE-2016-0332
IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695...
Login Restriction Bypass
Moodle is vulnerable to login restriction bypasses. A malicious user with a suspended account is still able to log in by confirming their email if they have yet to confirm it...
Design/Logic Flaw
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach...
SOL16365 - GNU C Library (glibc) vulnerability CVE-2014-9402
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
Canopus Internet Banking FIVE - Auth Bypass Vulnerability
Document Title: =============== Canopus Internet Banking FIVE - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=305 Release Date: ============= 2012-01-11 Vulnerability Laboratory ID VL-ID: ==================================== 3...
PT-2004-1448 · Yabb · Yabb
Name of the Vulnerable Software and Affected Versions: YaBB version 1 SP 1.3.1 Description: The issue allows remote attackers to identify valid users due to different error messages being displayed when a user exists or not. This makes it easier to conduct a brute force password guessing attack...