Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2025/12/10 4:32 a.m.6 views

CVE-2025-67504

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

9.8CVSS7.2AI score0.00452EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.6 views

PT-2025-45604

Name of the Vulnerable Software and Affected Versions Jumo variTRON300 affected versions not specified Description A flaw exists in the password generation algorithm when accessing the debug interface. An unauthenticated local attacker who knows the password generation timeframe may be able to...

7.4CVSS6.5AI score0.00125EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.5 views

Jumo variTRON300 安全特征问题漏洞

Jumo variTRON300 is an automation system from China-based Jumo Automation Jumo. The Jumo variTRON300 suffers from a security signature issue vulnerability that stems from a flaw in the password generation algorithm, which could allow an unauthenticated, local attacker to obtain the password via...

7.4CVSS6.7AI score0.00125EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-8503

Malware in sbrugna...

9.8CVSS9.1AI score0.01888EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/09/02 11:23 a.m.11 views

CVE-2025-6519 Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

9.3CVSS0.00501EPSS
Exploits0References1
OSV
OSV
added 2025/02/05 5:15 p.m.2 views

CVE-2025-20185

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must...

6.7CVSS6AI score0.00183EPSS
Exploits0References1
NVD
NVD
added 2025/02/05 5:15 p.m.17 views

CVE-2025-20185

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must...

6.7CVSS0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/05 4:14 p.m.5 views

CVE-2025-20185 Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must...

3.4CVSS7.5AI score0.00183EPSS
Exploits0References1
CVE
CVE
added 2025/02/05 4:14 p.m.70 views

CVE-2025-20185

CVE-2025-20185 affects Cisco AsyncOS Software (Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance). A vulnerability in the remote access password generation algorithm allows an authenticated, local attacker (with valid administrator credentials) to escalate privile...

6.7CVSS7.5AI score0.00183EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.2 views

PT-2025-5710 · Cisco · Cisco Asyncos

Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance affected versions not specified Description: A vulnerability in the implementation of the remote access functionality...

6.7CVSS7.3AI score0.00183EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.5 views

Cisco AsyncOS 安全漏洞

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A security vulnerability exists in Cisco AsyncOS, which stems from a flaw in the password generation algorithm that allows an authenticated, local attacker to generate temporary passwords and gain root privileges...

6.7CVSS6.5AI score0.00183EPSS
Exploits0References1
OSV
OSV
added 2021/05/06 1:15 p.m.8 views

CVE-2021-1447

A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance SMA could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An...

6.7CVSS6.9AI score0.00275EPSS
Exploits0References1
OSV
OSV
added 2020/02/11 8:15 p.m.4 views

CVE-2013-2120

The %password... macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack...

8.4CVSS7.2AI score
Exploits0References13
Rows per page
Query Builder