47 matches found
Zscaler Client Connector 安全漏洞
Zscaler Client Connector is an application from zscaler. An application installed on a device that ensures that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A security...
Garuda Linux License Issues Vulnerability
Garuda Linux is an x86-64 general-purpose Linux distribution from Garuda Linux, based on the Arch Linux operating system. Garuda Linux suffers from a security vulnerability that originates from the execution of an insecure process when creating a user via Garuda Settings Manager, which leaves the...
The vulnerability of cloud-based software for creating and using Nextcloud data storage solutions is related to improper access control, which allows a hacker to change user passwords.
The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to the absence of password confirmation for users who access the system. Exploiting this vulnerability can allow attackers to change user passwords...
SUSE CVE-2023-39963
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully steali...
PT-2023-5257 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 20.0.0 through 20.0.14.14 Nextcloud Server versions 21.0.0 through 21.0.9.12 Nextcloud Server versions 22.0.0 through 22.2.10.13 Nextcloud Server versions 23.0.0 through 23.0.12.7 Nextcloud Server versions 24.0.0...
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missin...
CVE-2023-2062
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/...
Weak Password Requirements
publifycore is vulnerable to Weak Password Requirements. A remote attacker can easily compromise user accounts due to missing password strength constraints...
The vulnerability of the telnetd server software in the Infiray IRAY-A8Z3 camera system allows a intruder to elevate their privileges to the root level.
The vulnerability of the telnetd server software in Infiray IRAY-A8Z3 cameras is related to the absence of a password for the root user account. Exploiting this vulnerability allows an attacker to elevate their privileges to root status by connecting through port 23...
GHSA-P5C5-6564-VVR8 Improper Authentication in Apache CXF
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element...
The vulnerability of the CMS system October CMS, related to the lack of a password recovery mechanism, allows attackers to gain access to any user account at will.
The vulnerability of the CMS system October CMS is related to the lack of a password recovery mechanism. Exploiting this vulnerability could allow an attacker to gain access to any account by using a specially created request...
CVE-2020-10284
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarmstudio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the...
CVE-2018-16219
A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker in the same network as the device to change the admin password without authentication via a POST request...
Default credentials
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker in the same network as the device to change the admin password without authentication and without knowing the original password...
The vulnerability of the software interface of the FortiWeb Manager, a centralized control system for network switches, relates to access control deficiencies, allowing an intruder to gain access to the system using an administrator account.
The vulnerability of the software interface for centralized control of network switches, FortiWeb Manager, is related to the lack of password verification for the admin account. Exploiting this vulnerability could allow a malicious actor, operating remotely and having access to the web interface,...
DEBIAN-CVE-2016-9877
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provid...
UBUNTU-CVE-2016-9877
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provid...
VulnCheck KEV: CVE-1999-0502
A Unix account has a default, null, blank, or missing password...
CVE-2016-0733
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username...
Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability
A vulnerability in the Cisco Nexus 2000 Series Fabric Extender could allow an unauthenticated, local attacker to log in to the system shell with root user privileges. The vulnerability is due to a missing password for the root user account on the affected system. This account is created at...