20 matches found
File Browser Signup Grants Admin When Default Permissions Include Admin
Summary Any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the default user permissions have perm.admin = true. The signup handler blindly applies all default settings - including Perm.Admin - to the new user without any...
CVE-2025-52352
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to...
CVE-2025-52352
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
Atlassian Bitbucket 8.4.x < 8.4.2 Command Injection
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...
Atlassian Bitbucket 8.3.x < 8.3.3 Command Injection
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...
Atlassian Bitbucket 8.2.x < 8.2.4 Command Injection
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...
Atlassian Bitbucket < 7.6.19 Command Injection
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...
Atlassian Bitbucket 8.1.x < 8.1.5 Command Injection
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
Command injection
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
CVE-2022-3735
A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability...
seccome Ehoney 安全漏洞
seccome Ehoney is a secure, fast, highly interactive, enterprise-class honeypot management system open-sourced by China's seccome. A security vulnerability exists in seccome Ehoney, which stems from incorrect access control of some unknown handlers in its file /api/public/signup causing an attack...
PT-2022-5667 · Atlassian · Bitbucket Server +1
Name of the Vulnerable Software and Affected Versions: Atlassian Bitbucket Server and Data Center affected versions not specified Description: The issue is related to a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to...
Honeypot strategy is no longer effectively preventing spam account signup
panel:title=Fix From 3.9.5 onwards we have turned off the honeypot in favour of using captcha anyone affected by this issue just needs to switch the CAPTCHA on...
default config values restored
This should be for 2.9.1 - this version was not yet available under "affects versions" when filing this bug. After updating from 2.9 to 2.9.1, most of my settings were overwritten by their default values. - public signup got enabled - the language changed back to english instead of german - e-mai...
default config values restored
This should be for 2.9.1 - this version was not yet available under "affects versions" when filing this bug. After updating from 2.9 to 2.9.1, most of my settings were overwritten by their default values. - public signup got enabled - the language changed back to english instead of german - e-mai...
default config values restored
This should be for 2.9.1 - this version was not yet available under "affects versions" when filing this bug. After updating from 2.9 to 2.9.1, most of my settings were overwritten by their default values. - public signup got enabled - the language changed back to english instead of german - e-mai...