Lucene search
K

141 matches found

OSV
OSV
added 2024/02/27 1:15 a.m.4 views

CVE-2024-24720

An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...

5.3CVSS5.8AI score0.0047EPSS
Exploits0References3
NVD
NVD
added 2024/02/27 1:15 a.m.22 views

CVE-2024-24720

An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...

5.3CVSS6.4AI score0.0047EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.11 views

PT-2024-20517 · Innovaphone · Innovaphone Pbx

Name of the Vulnerable Software and Affected Versions: Innovaphone PBX versions prior to 14r1 Description: An issue was discovered in the Forgot password function. It provides information about whether a user exists on a system, and it also provides different responses to incoming requests in a w...

5.3CVSS7.1AI score0.0047EPSS
Exploits0References8
Snyk
Snyk
added 2024/02/20 3:31 p.m.3 views

Observable Discrepancy

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Observable Discrepancy via the authentication process. An attacker can obtain information about the existence of user accounts by analyzing differences in response...

6.9CVSS6.8AI score0.00527EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/12/21 12:15 a.m.7 views

CVE-2023-41166

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands...

5.3CVSS5.8AI score0.004EPSS
Exploits0References2
OSV
OSV
added 2023/12/21 12:15 a.m.4 views

CVE-2023-41166

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands...

5.3CVSS5.8AI score0.004EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/04 12:0 a.m.6 views

Sulu Security Breach

Sulu is a Symfony framework on an extensible, PHP-based open source content management system from Sulu, Austria. A security vulnerability exists in Sulu that stems from the ability to detect which users username, email exist via the Admin Login form...

4.3CVSS6.8AI score0.00496EPSS
Exploits0References4
Snyk
Snyk
added 2023/04/27 3:30 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Remediation...

5.3CVSS6.9AI score0.01011EPSS
Exploits1References2
Snyk
Snyk
added 2023/04/27 3:30 a.m.1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Remediation...

5.3CVSS6.9AI score0.01011EPSS
Exploits1References2
Snyk
Snyk
added 2023/04/27 3:30 a.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Remediation...

5.3CVSS6.9AI score0.01011EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2023/04/27 3:30 a.m.13 views

User account enumeration in Serenity

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.3CVSS6.9AI score0.01011EPSS
Exploits1References6Affected Software2
NVD
NVD
added 2023/04/27 3:15 a.m.25 views

CVE-2023-31286

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.3CVSS5.3AI score0.01011EPSS
Exploits1References4
OSV
OSV
added 2023/04/27 3:15 a.m.10 views

CVE-2023-31286

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.3CVSS7.1AI score
Exploits0References4
Prion
Prion
added 2023/04/27 3:15 a.m.20 views

Cross site request forgery (csrf)

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5CVSS5.2AI score0.01011EPSS
Exploits1References3Affected Software2
Cvelist
Cvelist
added 2023/04/27 12:0 a.m.35 views

CVE-2023-31286

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.5AI score0.01011EPSS
Exploits1References3
CVE
CVE
added 2023/04/27 12:0 a.m.62 views

CVE-2023-31286

Summary: CVE-2023-31286 affects Serenity Serene and StartSharp prior to 6.7.0. The issue arises during password reset requests, where the server response reveals whether a user exists. Specifically, attempting to reset a password for a non-existent user yields an error message indicating that the...

5.3CVSS5.5AI score0.01011EPSS
Exploits1References4Affected Software2
CNNVD
CNNVD
added 2023/03/12 12:0 a.m.6 views

Ez Systems eZ Platform 安全漏洞

Ez Systems eZ Platform is a content management system CMS based on the Symfony framework from Ez Systems, Norway. A security vulnerability exists in Ez Systems eZ Publish Ibexa Kernel versions prior to 7.5.15.1, which stems from misuse of the /user/sessions endpoint to determine if an account...

5.3CVSS5.7AI score0.00507EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2023/03/09 3:23 p.m.85 views

Exploit for Race Condition in Openbsd Openssh

SSH-User-Enum-Python3-CVE-2018-15473 SSH User Enumerator in P...

5.3CVSS9.3AI score0.98631EPSS
Exploits23
SUSE CVE
SUSE CVE
added 2023/02/15 6:22 a.m.6 views

SUSE CVE-2001-1483

One-Time Passwords In Everything a.k.a OPIE 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist...

5CVSS9.2AI score0.03671EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/25 12:0 a.m.3 views

Snipe-IT 安全漏洞

Snipe-IT is an open source IT asset/license management system. A security vulnerability exists in Snipe-IT versions prior to 6.0.14, which stems from the fact that an attacker can check the existence of a user account via response variables to password and reset requests...

5.3CVSS5.7AI score0.00646EPSS
Exploits1References2
Rows per page
Query Builder