56 matches found
PT-2023-32877 · Unknown · Code-Projects E-Commerce Website
Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Website version 1.0 Description: A critical issue affects some unknown functionality of the file user signup.php. The manipulation of the firstname, middlename, email, address, contact, or username arguments leads to...
PT-2023-32878 · Unknown · Code-Projects E-Commerce Website
Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Website version 1.0 Description: A problematic vulnerability has been found in the code-projects E-Commerce Website, affecting an unknown part of the file user signup.php. The manipulation of the firstname argument wi...
GHSA-RR6R-P7RW-369C Session Fixation in Jenkins
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account...
CVE-2022-1526
The CVE-2022-1526 entry affects Emlog Pro up to version 1.2.2, where the vulnerability lies in POST parameter handling for articles. An attacker who can sign up and log in can craft input (examples show ) that leads to cross-site scripting (XSS). Public disclosures exist, and exploitation has bee...
CVE-2021-39138
Parse Server prior to v4.5.1 incorrectly classifies anonymous sessions as password-created when first signing up via REST, due to the createdWith value in _Session. This affects only developers who rely on createdWith for access control; the vulnerability is fixed in 4.5.1. The recommended workar...
CVE-2019-18933
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...
Authentication flaw
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...
CVE-2019-18933
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...
CVE-2019-18933
CVE-2019-18933 affects Zulip Server versions 1.7.0 through
Electricks eCommerce 1.0 Cross Site Scripting
Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Date: 2018-11-12 Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an account on the following url:...
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Date: 2018-11-12 Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user...
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an accoun...
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Date: 2018-11-12 Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an account on the following url:...
Public Transportation eTraffic App Has Logic Design Flaws
Bus eLutong is a free smartphone-based real-time bus information query software officially released by Beijing Public Transportation Group. There is a logical design vulnerability in Bus eLutong App, which allows an attacker to arbitrarily register a user and reset any user's password by grabbing...
Unauthorised New User Signup
fatfreecrm is susceptible to unauthorised new user signup. The vulnerability exists because userscontroller does not prevent creation of a new user signup using crafted POST request...
Problem when signing up for new user Account from login page
I signed up for a new user account from the login page, filled in a username, password, name and e-mail. Then I tried to login with the new username and got this exception: java.lang.NullPointerException at com.opensymphony.module.user.User.getGroupsUser.java:94 at...