17 matches found
EUVD-2013-4438
Malware in sbrugna...
EUVD-2014-0847
Malware in sbrugna...
EUVD-2022-3516
Malicious code in bioql PyPI...
CVE-2005-4266
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value...
Sensitive Information Exposure
Liferay Portal is vulnerable to Sensitive Information Exposure. The vulnerability is due to the doAsUserId URL parameter being leaked when creating linked content using the WYSIWYG editor and impersonating a user. This can be exploited to potentially allow remote authenticated users to impersonat...
CVE-2024-23832 Mastodon Remote user impersonation and takeover
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is...
CVE-2024-23832 Mastodon Remote user impersonation and takeover
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is...
CVE-2023-49079 Misskey's missing signature validation allows arbitrary users to impersonate any remote user.
Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1...
Misskey Data Falsification Issue Vulnerability
Misskey is a suite of micro-blogging platforms. Misskey 2023.11.0 and prior versions suffer from a Data Forgery Issue vulnerability that stems from a lack of signature validation and allows an arbitrary user to impersonate any remote user...
Code injection
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user...
CVE-2017-5591
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...
CVE-2017-5592
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity 0.4.7 - 0.5.0...
CVE-2015-3143
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015...
CVE-2014-5375
CVE-2014-5375 affects Adaptive Computing Moab workload manager. It occurs when the Moab server does not properly validate that the message owner matches the submitting user, permitting remote authenticated users to impersonate arbitrary users via the and fields. Affected: Moab prior to 7.2.9 an...
CVE-2014-0188
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...
CVE-2014-0817
CVE-2014-0817 affects Cybozu Garoon 2.x (up to 2.5.4) and 3.x (up to 3.7 SP3). The issue is improper session management that enables remote authenticated users to impersonate arbitrary accounts via unspecified vectors. Impact as described across multiple sources: an authenticated user could imper...
CVE-2011-4584
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Maha...