Lucene search
K

56 matches found

Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.10 views

PT-2023-32877 · Unknown · Code-Projects E-Commerce Website

Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Website version 1.0 Description: A critical issue affects some unknown functionality of the file user signup.php. The manipulation of the firstname, middlename, email, address, contact, or username arguments leads to...

9.8CVSS7.8AI score0.00924EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.4 views

PT-2023-32878 · Unknown · Code-Projects E-Commerce Website

Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Website version 1.0 Description: A problematic vulnerability has been found in the code-projects E-Commerce Website, affecting an unknown part of the file user signup.php. The manipulation of the firstname argument wi...

6.1CVSS4.6AI score0.00833EPSS
Exploits1References6
OSV
OSV
added 2022/05/14 1:4 a.m.10 views

GHSA-RR6R-P7RW-369C Session Fixation in Jenkins

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account...

5.4CVSS6.6AI score0.01217EPSS
Exploits0References5
CVE
CVE
added 2022/04/29 7:40 a.m.63 views

CVE-2022-1526

The CVE-2022-1526 entry affects Emlog Pro up to version 1.2.2, where the vulnerability lies in POST parameter handling for articles. An attacker who can sign up and log in can craft input (examples show ) that leads to cross-site scripting (XSS). Public disclosures exist, and exploitation has bee...

5.4CVSS4.3AI score0.00558EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/08/18 9:40 p.m.97 views

CVE-2021-39138

Parse Server prior to v4.5.1 incorrectly classifies anonymous sessions as password-created when first signing up via REST, due to the createdWith value in _Session. This affects only developers who rely on createdWith for access control; the vulnerability is fixed in 4.5.1. The recommended workar...

6.5CVSS5.6AI score0.00993EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/11/21 11:15 p.m.18 views

CVE-2019-18933

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...

9.8CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2019/11/21 11:15 p.m.18 views

Authentication flaw

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...

7.5CVSS9.5AI score0.01352EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/21 10:45 p.m.29 views

CVE-2019-18933

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...

9.6AI score0.01352EPSS
Exploits0References2
CVE
CVE
added 2019/11/21 10:45 p.m.90 views

CVE-2019-18933

CVE-2019-18933 affects Zulip Server versions 1.7.0 through

9.8CVSS9.5AI score0.01352EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.254 views

Electricks eCommerce 1.0 Cross Site Scripting

Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Date: 2018-11-12 Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an account on the following url:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2018/11/14 12:0 a.m.20 views

Electricks eCommerce 1.0 - Persistent Cross-Site Scripting

Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Date: 2018-11-12 Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user...

6.8AI score
Exploits0
0day.today
0day.today
added 2018/11/14 12:0 a.m.269 views

Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an accoun...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/14 12:0 a.m.26 views

Electricks eCommerce 1.0 - Persistent Cross-Site Scripting

Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Date: 2018-11-12 Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an account on the following url:...

7.4AI score
Exploits0
CNVD
CNVD
added 2017/09/26 12:0 a.m.4 views

Public Transportation eTraffic App Has Logic Design Flaws

Bus eLutong is a free smartphone-based real-time bus information query software officially released by Beijing Public Transportation Group. There is a logical design vulnerability in Bus eLutong App, which allows an attacker to arbitrarily register a user and reset any user's password by grabbing...

6.8AI score
Exploits0
Veracode
Veracode
added 2017/05/09 5:31 a.m.10 views

Unauthorised New User Signup

fatfreecrm is susceptible to unauthorised new user signup. The vulnerability exists because userscontroller does not prevent creation of a new user signup using crafted POST request...

6.2AI score
Exploits0
Atlassian
Atlassian
added 2002/05/22 12:31 p.m.218 views

Problem when signing up for new user Account from login page

I signed up for a new user account from the login page, filled in a username, password, name and e-mail. Then I tried to login with the new username and got this exception: java.lang.NullPointerException at com.opensymphony.module.user.User.getGroupsUser.java:94 at...

0.4AI score
Exploits0
Rows per page
Query Builder