23 matches found
EUVD-2018-19521
Malware in sbrugna...
EUVD-2018-0157
Malware in sbrugna...
EUVD-2000-0045
Malware in sbrugna...
EUVD-2019-13335
Malware in sbrugna...
CVE-2025-22228
CVE-2025-22228 is reported in IBM Netcool Operations Insight. The issue arises from BCryptPasswordEncoder.matches(CharSequence,String) returning true for passwords longer than 72 characters if the first 72 characters are identical, enabling an authentication bypass under certain inputs. Affected ...
CVE-2024-57707
An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components...
CVE-2023-36131
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter...
CVE-2023-33243
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...
DRIVE.NET, Inc.: [www.drive2.ru] Insufficient Security Configurability - The user can set an existing password as a new password.
An application allows a user to set a new password that is the same as the old password. Passwords are entirely the user's responsibility, but as the old password may be exposed to other users, depending on the security password policy application, it should not be possible to set a new password value...
CVE-2019-6282
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password...
CVE-2019-6279
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password...
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control
Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Incorrect Access Control Date: 14/01/2019 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-incorrect-access-control/ Vendor: ChinaMobile Category: Hardware Version: GPN2.4P21-C-C...
PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery
Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Cross-Site Request Forgery CSRF Date: 14/01/2019 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-cross-site-request-forgery-csrf/ Vendor: ChinaMobile Category: Hardware Version:...
PLC Wireless Router GPN2.4P21-C-CN Incorrect Access Control
Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Incorrect Access Control Date: 15/01/2019 Exploit Author: Kumar Saurav Vendor: ChinaMobile Category: Hardware Version: GPN2.4P21-C-CN Firmware: W2001EN-00 Tested on: Windows CVE : CVE-2019-6279 Description: ChinaMobile PLC Wireless Router...
A Deep Learning Approach for Password Guessing: PassGAN
State-of-the-art password guessing tools, such as HashCat and John the Ripper (JTR), enable users to check billions of passwords per second against password hashes. In addition to straightforward dictionary attacks, these tools can expand dictionaries using password generation rules. Although these...
PT-2017-17708 · D Link · D-Link Dir-615
Name of the Vulnerable Software and Affected Versions: D-Link DIR-615 version 20.09 Description: The issue allows an attacker to perform unwanted actions on a wireless router for which the user or admin is currently authenticated. This can be demonstrated by changing the Security option from WPA2...
S8000 rotating machinery online condition monitoring and analysis system weak password
No description provided by source...
[SYSS-2015-013] Panda Antivirus Pro 2015 - Authentication Bypass
Advisory ID: SYSS-2015-013 Product: Panda Antivirus Pro 2015 Vendor: Panda Security Affected Versions: 15.1.0 Tested Versions: 15.1.0 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel (CWE-288) Risk Level: Medium Solution...
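Discuz!: Installing Plugins by Bypassing the Security Password
Brief description: A while ago I wrote an article on using plugins to get a shell on Discuz! forums: http://zone.wooyun.org/content/5275 Many people said that installing a plugin requires the security password. In fact, I found long ago that the security password can be bypassed, so a shell can be obtained on forums that have plugins installed. Details: Whether you got into the Discuz! admin backend through injection, social engineering, or even a stroke of luck with a trivially weak password, when you follow that article to use a plugin to get a shell, you are prompted for the security password. Frustrating, right? As shown in the figure below [this mainly happens when the forum administrator has installed plugins and bound a QQ account]: You have seen what the picture shows, and you are out of options, right? Heh, in fact there really is a way to bypass the password and install plugins. First, the version I used for testing: Discu...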
Command injection
Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l"...