PT-2025-49125
Name of the Vulnerable Software and Affected Versions: Medtronic CareLink Network versions prior to December 4, 2025. Description: The Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint. Successful exploitation could allow an...
EUVD-2016-1785
Malware in sbrugna...
UoW Pop2d Remote File Retrieval
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UoW pop2d Remote File Retrieval Vulnerability', 'Description' = %q This module exploits a vulnerability in the FOLD command of the University of...
CVE-2024-42559
CVE-2024-42559 affects Hotel Management System (commit 79d688). The vulnerability resides in the login component (process_login.php) allowing attackers to authenticate without a valid password, impacting confidentiality, integrity, and availability; CVSSv3.1 base score 9.8 (NETWORK, HIGH impact)....
USN-6571-1 monit vulnerability
Youssef Rebahi-Gilbert discovered that Monit did not properly process credentials for disabled accounts. An attacker could possibly use this issue to log in to the platform with an expired account and a valid password...
modoboa 2.0.4 - Admin TakeOver
Exploit Title: modoboa 2.0.4 - Admin TakeOver; Description: Authentication Bypass by Primary Weakness; Date: 02/10/2023; Software Link: https://github.com/modoboa/modoboa; Version: modoboa/modoboa prior to 2.0.4; Tested on: Arch Linux; Exploit Author: 7h3h4ckv157; CVE: CVE-2023-0777; package main...
CVE-2021-28373
The authinternal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...
Authentication Bypass
ldap3 is affected by an authentication bypass vulnerability. The rebind method of the Connection object allows for a successful rebind using an empty password after a correct bind with a valid password...
libpam4j: Account check bypass
It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information...
Zammad Security Bypass Vulnerability (CNVD-2017-04305)
Zammad is a web-based, open-source helpdesk/customer support system from the German company Zammad, with many features to manage customer communication through multiple channels such as phone calls. A security bypass vulnerability exists in Zammad. A remote attacker could exploit the vulnerabilit...
True North Software Internet Anywhere Mail Server 3.1.3 - RETR Denial of Service
source: https://www.securityfocus.com/bid/982/info Submitting a RETR command with a message ID argument longer than 10 numeric characters will result in a crash of the Internet Anywhere Mail Server. A Doctor Watson error message will appear reporting an access violation by MailServer.exe...