141 matches found
CVE-2024-24720
An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...
CVE-2024-24720
An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...
PT-2024-20517 · Innovaphone · Innovaphone Pbx
Name of the Vulnerable Software and Affected Versions: Innovaphone PBX versions prior to 14r1 Description: An issue was discovered in the Forgot password function. It provides information about whether a user exists on a system, and it also provides different responses to incoming requests in a w...
Observable Discrepancy
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Observable Discrepancy via the authentication process. An attacker can obtain information about the existence of user accounts by analyzing differences in response...
CVE-2023-41166
An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands...
CVE-2023-41166
An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands...
Sulu Security Breach
Sulu is a Symfony framework on an extensible, PHP-based open source content management system from Sulu, Austria. A security vulnerability exists in Sulu that stems from the ability to detect which users username, email exist via the Admin Login form...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Remediation...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Remediation...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Remediation...
User account enumeration in Serenity
An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...
CVE-2023-31286
An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...
CVE-2023-31286
An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...
Cross site request forgery (csrf)
An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...
CVE-2023-31286
An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...
CVE-2023-31286
Summary: CVE-2023-31286 affects Serenity Serene and StartSharp prior to 6.7.0. The issue arises during password reset requests, where the server response reveals whether a user exists. Specifically, attempting to reset a password for a non-existent user yields an error message indicating that the...
Ez Systems eZ Platform 安全漏洞
Ez Systems eZ Platform is a content management system CMS based on the Symfony framework from Ez Systems, Norway. A security vulnerability exists in Ez Systems eZ Publish Ibexa Kernel versions prior to 7.5.15.1, which stems from misuse of the /user/sessions endpoint to determine if an account...
Exploit for Race Condition in Openbsd Openssh
SSH-User-Enum-Python3-CVE-2018-15473 SSH User Enumerator in P...
SUSE CVE-2001-1483
One-Time Passwords In Everything a.k.a OPIE 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist...
Snipe-IT 安全漏洞
Snipe-IT is an open source IT asset/license management system. A security vulnerability exists in Snipe-IT versions prior to 6.0.14, which stems from the fact that an attacker can check the existence of a user account via response variables to password and reset requests...