Brute force vulnerabilities and exploits

5
CVSSv2
CVE-2019-18985

Pimcore before 6.2.2 lacks brute force protection for the 2FA token....

4.3
CVSSv2
CVE-2017-8342

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method....

10
CVSSv2
CVE-2004-0524

Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name....

7.5
CVSSv2
CVE-2013-0922

Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors....

7.5
CVSSv2
CVE-2013-2028

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness...

Nginx
5
CVSSv2
CVE-2013-2257

Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness...

7.5
CVSSv2
CVE-2004-1143

The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack....

4.3
CVSSv2
CVE-2004-1177

Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page....

5
CVSSv2
CVE-2005-0202

Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove...

5.8
CVSSv2
CVE-2014-2243

includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack...