Arbitrary Account Password Reset Vulnerability in Goodbody Knowledge Android APP of Tongfang Co.

Good Body Knowledge Android App is a software to detect the health data in your body. An arbitrary account password reset vulnerability exists in the Good Body Knowledge Android APP of Tongfang Co. An attacker can reset any account password by grabbing a packet to obtain a verification code throu...

Design/Logic Flaw

The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack...

OpenSSH sshd denial of service vulnerability (CNVD-2016-06210)

OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers maintained by the OpenBSD Project Group. It is an open source implementation of the SSH protocol that supports encryption of all transmissions, effectively preventing eavesdropping, connection hijackin...

Webutler CMS 3.2 - Cross-Site Request Forgery

Webutler CMS 3.2 - Cross-Site Request Forgery Dear OffSec, Here is the vulnerability detail as I submitted Exploit Title: Webutler CMS Cross-Site Request Forgery Date: 18 April 2016 Exploit Author: Keerati T. Post Vendor Homepage: http://webutler.de/en Software Link:...

UBUNTU-CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

Trove: potential leak of passwords into log files

The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...

MyioSoft Ajax Portal 3.0 - page SQL Injection

MyioSoft Ajax Portal 3.0 - page SQL Injection AjaxPortal 3.0 ajaxpbackend.php page Remote SQL Injection Vulnerability Bug found && Exploited by cOndemned Greetz: ZaBeaTy, d2, Beowulf, str0ke, Alfons Luja, 0in and others Proof of Concept :...

MyioSoft Ajax Portal 3.0 SQL Injection

AjaxPortal 3.0 ajaxpbackend.php page Remote SQL Injection Vulnerability Bug found && Exploited by cOndemned Greetz: ZaBeaTy, d2, Beowulf, str0ke, Alfons Luja, 0in and others Proof of Concept :...

PHP Ticket <= 0.71 (search.php) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl Copyright C undefined1 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any...

Samba 1.9.19 - 'Password' Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/1816/info Samba is an open source software suite that provides seamless file and print services to SMB/CIFS clients. Certain older versions of Samba had a remotely exploitable buffer overflow vulnerability. This vulnerability was in the password functi...