Lucene search
K

31 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 8:41 p.m.7 views

CVE-2009-1803

FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

5CVSS7.1AI score0.01218EPSS
Exploits0References1
OSV
OSV
added 2024/12/04 3:33 p.m.5 views

CVE-2024-54002 Dependency-Track allows enumeration of managed users via /api/v1/user/login endpoint

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes significantly longer than performing the same...

5.3CVSS6.7AI score0.00301EPSS
Exploits0References3
Veracode
Veracode
added 2024/09/06 3:3 a.m.12 views

Username Enumeration Attack

ethycafides is vulnerable to Username Enumeration Attack. The vulnerability is due to discrepancies in response times between valid and invalid usernames, which allow attackers to infer valid usernames based on the timing of server responses...

5.3CVSS6.7AI score0.00552EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/08/29 5:23 p.m.30 views

CVE-2023-39522 Username enumeration attack in goauthentik

goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recover...

5.3CVSS5.4AI score0.00514EPSS
Exploits0References2
Hacker One
Hacker One
added 2021/06/24 3:25 a.m.154 views

HackerOne: Report Duplicate Detector can match deleted and draft reports, may disclose title and vulnerability information

When a Report is submitted on HackerOne.com, a feature called the Report Duplicate Detector helps program members and triagers find potential duplicates of the submitted report. This feature will match against all reports that were submitted to the program. When the feature was introduced, all...

0.4AI score
Exploits0
CNVD
CNVD
added 2021/03/12 12:0 a.m.10 views

Unspecified vulnerability in GLPI (CNVD-2021-17773)

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

6.8CVSS6.7AI score0.01416EPSS
Exploits1References1
NVD
NVD
added 2021/02/11 6:15 p.m.17 views

CVE-2020-1717

A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack...

4CVSS0.00766EPSS
Exploits0References2
OSV
OSV
added 2020/12/17 5:15 a.m.2 views

CVE-2020-27199

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for...

7.5CVSS7.1AI score0.02875EPSS
Exploits4References1
NVD
NVD
added 2020/09/01 9:15 p.m.23 views

CVE-2020-6874

A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...

9.1CVSS9.4AI score0.00445EPSS
Exploits0References1
OSV
OSV
added 2020/02/17 9:15 p.m.3 views

CVE-2020-7959

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognize...

5.3CVSS6AI score0.01378EPSS
Exploits1References2
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.34 views

msie.activex.filesearch.txt

Date: Wed, 9 Jun 1999 12:22:00 +0100 From: "Steve Loughran" Subject: ActiveX Security Revisited The latest Microsoft security bulletin http://www.microsoft.com/security/bulletins/ms99-018.asp includes two Internet Explorer patches. The first is a classic stack overrun -a web page can supply an ic...

7.4AI score
Exploits0
Rows per page
Query Builder