23 matches found
EUVD-2017-18250
Malware in sbrugna...
CVE-2025-20185
A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must...
Cisco Secure Email Gateway Privilege Escalation (cisco-sa-esa-sma-wsa-multi-yKUJhS34)
According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance coul...
Dahua Security Cameras Weak Password Recovery Mechanism for Forgotten Password (CVE-2017-9315)
A customer of a Dahua IP camera or IP PTZ could submit relevant device information to receive a time-limited temporary password from a Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by...
GHSA-VJC4-3VGX-PQ9H Nebari prints temporary Keycloak root password
Nebari through 2024.4.1 prints the temporary Keycloak root password...
PYSEC-2024-185
Nebari through 2024.4.1 prints the temporary Keycloak root password...
CVE-2024-34529
Nebari through 2024.4.1 prints the temporary Keycloak root password...
Phicomm Multiple Products Security Vulnerability
Phicomm PHICOMM K2 is a wireless router. PHICOMM K3 is a dual-band Gigabit wireless WiFi router. PHICOMM K3C is a dual-band Gigabit wireless WiFi router. PHICOMM K2 A7 is a dual-band Gigabit wireless WiFi router. PHICOMM K2G A1 is a dual-band Gigabit wireless WiFi router. The PHICOMM K3 is a dual-ban...
LY Corporation: Password reset by malicious input on air.line.me
Due to a bug in the account verification process in the password reset function of air.line.me, it was possible to change others' passwords if a temporary password reset key was set to a space...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8
The Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics USA. A security vulnerability exists in the application logic in the Green Electronics RainMachine Mini-8 Generation 2 that stems from a function that generates a 6-digit temporary password using a has...
What Is Your Bank’s Security Banking On?
A large number of banks, credit unions and other financial institutions just pushed customers onto new e-banking platforms that asked them to reset their account passwords by entering a username plus some other static identifier -- such as the first six digits of their Social Security number (SSN),...
Design/Logic Flaw
A customer of a Dahua IP camera or IP PTZ could submit relevant device information to receive a time-limited temporary password from a Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by...
CVE-2017-9315
A customer of a Dahua IP camera or IP PTZ could submit relevant device information to receive a time-limited temporary password from a Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by...
CVE-2017-9315
A customer of a Dahua IP camera or IP PTZ could submit relevant device information to receive a time-limited temporary password from a Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by...
CVE-2017-9315
The CVE-2017-9315 entry concerns Dahua IP cameras/IP PTZ with a weak admin-password recovery mechanism. According to the provided description and related sources, a user who submits device information could obtain a time-limited temporary password from a Dahua dealer to reset the admin password, ...
Force-Password-Change Bypass
Moodle is vulnerable to a bypass of the force-password-change requirement. Even when a password is forced to be changed on login, it's possible for the temporary password to be used to create web service tokens, thus extending the life of the temporary password...
Lenovo XClarity Administrator Elevation of Privilege Vulnerability
Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. An elevation of privilege vulnerability exists in Lenovo...
PYSEC-2016-17
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...
Moodle < 2.5 / 2.5.x < 2.5.9 / 2.6.x < 2.6.6 / 2.7.x < 2.7.3 Multiple Vulnerabilities
Cisco Ironport Appliances Privilege Escalation Exploit
Cisco Ironport appliances are vulnerable to authenticated "admin" privilege escalation. Enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, therefore bypassing all existing "admin" account limitations. The vulnerability is due to weak algorith...