4 matches found
CVE-2026-27856
Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...
CVE-2025-34429
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
PT-2023-7956 · D Link · D-Link G416
Name of the Vulnerable Software and Affected Versions: D-Link G416 affected versions not specified Description: The issue is related to a command injection vulnerability in the flupl pythonmodules of D-Link G416 wireless routers. This vulnerability allows network-adjacent attackers to execute...
HP ArcSight Logger Brute Force Vulnerability
HP ArcSight Logger is a suite of log management software tools from Hewlett-Packard HP in the United States. The tool collects and integrates data from any log-generating source for log management, searching, indexing, reporting, analysis and retention. A security vulnerability exists in HP...