Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weak vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1345
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an malicious user to perform a brute force attack and easily discover the root password.
NA
CVE-2024-1346
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an malicious user to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.
1 Github repository
NA
CVE-2024-1343
A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree BackUp'.
7.8
CVSSv3
CVE-2023-50236
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHOR...
8.8
CVSSv3
CVE-2024-22454
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges...
Dell Powerprotect Data Manager
9.8
CVSSv3
CVE-2024-1039
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.
Gesslergmbh Web-master Firmware 7.9
4.4
CVSSv3
CVE-2024-1040
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.
Gesslergmbh Web-master Firmware 7.9
9.8
CVSSv3
CVE-2023-4472
Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.
Objectplanet Opinio
7.1
CVSSv3
CVE-2024-0676
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dict...
Lamassu Douro Firmware 7.1
Lamassu Douro Ii Firmware 7.1
8.8
CVSSv3
CVE-2023-47024
Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.
Ncratleos Terminal Handler 1.5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »