CVE-2012-3798

The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks...

SUSE CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...

Sage X3 AdxAdmin Login Scanner

This module allows an attacker to perform a password guessing attack against the Sage X3 AdxAdmin service, which in turn can be used to authenticate to a local Windows account. This module implements the X3Crypt function to 'encrypt' any passwords to be used during the authentication process, giv...

CVE-2021-28482

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483. Recent assessments: zeroSteiner at June 03, 2021 1:07pm UTC reported: This vulnerability is a deserialization flaw in Exchange’s...

CVE-2020-15770

CVE-2020-15770 affects Gradle Enterprise 2018.5. The vulnerability stems from the lack of account lock-out after excessive failed login attempts, enabling repeated password guesses for a local user. Public sources in connected documents corroborate a brute-force risk without lock-out, specificall...

CVE-2016-9124

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users...

Revive Adserver: Login page password-guessing attack

Vulnerability description not provided...

Default credentials

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack...

CVE-2015-0997

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack...

ReddAPI: Login page password-guessing attack

Hello team of Reddapi! Here to report a vulnerability on your site. Affected site: www.reddapi.com Vulnerability: Login page password-guessing attack Severity:Low. Vulnerability description: A brute-force attack is an attempt to discover a password by systematically trying every possible...

YaCOMAS 0.3.6 Alpha Multiple Vulnerabilities

Exploit for php platform in category web applications Software: Yacomas 0.3.6 Vendor: http://yacomas.sourceforge.net/ Vuln Type: Multiple Vulnerability Download link: http://patux.net/downloads/yacomas-0.3.6alpha.tar.gz Author: email protected X contact: profesorxatotmail.com Home: www.ccat.edu.m...

YaCOMAS 0.3.6 Alpha - Multiple Vulnerabilities

YaCOMAS 0.3.6 Alpha - Multiple Vulnerabilities =================================================================== YaCOMAS 0.3.6 Multiple vulnerability =================================================================== Software: Yacomas 0.3.6 Vendor: http://yacomas.sourceforge.net/ Vuln Type:...

CVE-2004-0294

YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack...