Lucene search
+L

45 matches found

Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.3 views

PT-2024-40248 · Unknown · Silverstripe

Name of the Vulnerable Software and Affected Versions: Silverstripe affected versions not specified Description: The issue concerns a user ID enumeration vulnerability in brute force error messages. Specifically, the system previously handled login attempts for non-existent and existing users...

5.3CVSS6.9AI score
Exploits0References5
OSV
OSV
added 2023/05/25 3:15 a.m.5 views

CVE-2023-2732

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...

9.8CVSS7.3AI score0.67511EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.3 views

SUSE CVE-2020-27780

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate...

9.8CVSS6.8AI score0.01959EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/26 4:15 p.m.3 views

CVE-2021-3754

A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password...

5.3CVSS6.7AI score0.01843EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.5 views

Ping Identity PingFederate授权问题漏洞

Ping Identity PingFederate is a flagship software-based federation server in the United States. for identity management. Ping Identity PingFederate has a security vulnerability that can be exploited by an existing user to reset the password of another existing user when the password reset mechani...

6.5CVSS6.6AI score0.00571EPSS
Exploits0References3
Prion
Prion
added 2022/02/10 11:15 p.m.15 views

Default credentials

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...

3.5CVSS6.7AI score0.00535EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/04 2:23 p.m.24 views

CVE-2021-43145

With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts...

8.2AI score0.00952EPSS
Exploits0References1
OSV
OSV
added 2022/01/06 6:32 p.m.9 views

GHSA-83X4-9CWR-5487 Improper Authorization in Keycloak

A incorrect authorization flaw was found in Keycloak 12.0.0, the flaw allows an attacker with any existing user account to create new default user accounts via the administrative REST API even where new user registration is disabled...

8.8CVSS5.8AI score0.01347EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/12/20 4:20 p.m.5 views

Keycloak: Incorrect authorization allows unpriviledged users to create other users

A flaw was found in Keycloak version from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled...

8.8CVSS5.7AI score0.01347EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/12/16 12:0 a.m.5 views

Elabftw 授权问题漏洞

eLabFTW is an open source platform for hosting experimental data. The platform runs on Linux systems and supports storage of multiple objects. eLabFTW is vulnerable to an authorization issue that stems from a lack of authentication measures or insufficient authentication strength in the network...

9.8CVSS5.7AI score0.00977EPSS
Exploits0References3
Huntr
Huntr
added 2021/10/14 4:24 p.m.10 views

Cross-site Scripting (XSS) - Stored in ampache/ampache

Description ampache has a stored XSS in the View Existing User , an attacker could exploit with the Website attribute to steal the other users' cookie Proof of Concept 1 Visit http://ampache//index.phppreferences.php?tab=account set the Website attribut toe: foo" onmouseover=alertdocument.cookie ...

0.2AI score
Exploits0References2
OSV
OSV
added 2021/05/17 3:15 p.m.3 views

CVE-2021-27734

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users...

9.8CVSS7.4AI score0.01264EPSS
Exploits0References1
OSV
OSV
added 2020/12/18 12:15 a.m.2 views

ALPINE-CVE-2020-27780

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate...

9.8CVSS6.7AI score0.01959EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/11/20 12:0 a.m.43 views

openSUSE Security Update : gdm (openSUSE-2020-1961)

This update for gdm fixes the following issues : - Exit with failure if loading existing users fails bsc1178150 CVE-2020-16125. This update was imported from the SUSE:SLE-15-SP2:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

7.2CVSS7.1AI score0.01109EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2020/03/04 12:0 a.m.4 views

The vulnerability of the sudoer account in the Runas ALL system administration software allows a hacker to impersonate an existing user.

The vulnerability of the sudoer account in the Runas ALL system administration program is related to improper access control. Exploiting this vulnerability allows a malicious actor to impersonate an existing user...

7.8CVSS6.9AI score0.03295EPSS
Exploits0References10Affected Software4
OSV
OSV
added 2017/07/31 5:1 p.m.4 views

USN-3374-1 rabbitmq-server vulnerability

It was discovered that RabbitMQ incorrectly handled MQTT MQ Telemetry Transport authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password...

9.8CVSS7.3AI score0.01378EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/12/27 12:0 a.m.42 views

F5 Networks BIG-IP : OpenSSH vulnerability (K14845276)

When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hard-coded in the SSHD source code. An attacker can measure timing information to determine if a user exists when verifying a password. CVE-2016-6210 C Tenable Network Security, Inc. The descriptive tex...

5.9CVSS6.6AI score0.88944EPSS
Exploits12References2
Packet Storm
Packet Storm
added 2016/12/19 12:0 a.m.49 views

ntop-ng 2.5.160805 Username Enumeration

Exploit title: ntopng user enumeration Author: Dolev Farhi Contact: dolevf at protonmail.com Date: 04-08-2016 Vendor homepage: ntop.org Software version: v.2.5.160805 !/usr/env/python import os import sys import urllib import urllib2 import cookielib server = 'ip.add.re.ss' username = 'ntopng-use...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/08/16 12:0 a.m.168 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSH vulnerabilities (USN-3061-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3061-1 advisory. Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could...

7.8CVSS6.9AI score0.88944EPSS
Exploits17References3
Tenable Nessus
Tenable Nessus
added 2012/03/29 12:0 a.m.26 views

Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections

The remote web application fails to properly sanitize user-supplied input to the following servlets : - Printer.getPrinterAgentKey in the SoapServlet servlet - User.updateUserValue in the register.do servlet - User.isExistingUser in the logon.do servlet - Asset.getHWKey in the CallHomeExec servle...

7.5CVSS5.6AI score0.01757EPSS
Exploits1References3
Rows per page
Query Builder