26 matches found
PT-2026-46130
OMICARD EDM developed by ITPison has an Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain a user's email address...
EUVD-2014-8415
Malware in sbrugna...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled...
GitLab 0 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2023-5612)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the...
XWiki Platform Information Disclosure Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. An information disclosure vulnerability exists in XWiki Platform, which stems from a Solr-based search in XWiki disclosing a user's e-mail address even if e-mail address obfuscation is...
CVE-2023-1936 Exposure of Private Personal Information to an Unauthorized Actor in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue...
CVE-2023-26051 Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...
SonicWall Email Security Vulnerability
SonicWALL Email Security Appliance is an email security appliance from SonicWALL USA. A security vulnerability exists in SonicWall Email. A remote attacker could exploit the vulnerability to access an error page containing sensitive information about a user's email address...
CVE-2021-25110 Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure
The Futurio Extra WordPress plugin before 1.6.3 allows any logged-in user, such as a subscriber, to extract any other user's email address...
WordPress Futurio Extra plugin <= 1.6.2 - User Email Address Leakage vulnerability
User Email Address Leakage vulnerability discovered by Krzysztof Zając in WordPress Futurio Extra plugin versions <= 1.6.2. Solution: Update the WordPress Futurio Extra plugin to the latest available version, at least 1.6.3...
Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure
The plugin allows any logged in user, such as subscriber, to extract any other user's email address. PoC fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded" , "body": new URLSearchParams"action": "dilazmbqueryselect", "q": "@gma",...
CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR
Insecure Direct Object Reference in the edit function of Advanced Forms Free & Pro before 1.6.9 allows an authenticated remote attacker to change an arbitrary user's email address and request a password reset, which could lead to takeover of the WordPress administrator account. To exploit this...
CVE-2021-33321
CVE-2021-33321 affects Liferay Portal 6.2.3–7.3.2 and Liferay DXP before 7.3. The root cause is an insecure default configuration where the portal.property login.secure.forgot.password should be defaulted to true, enabling remote attackers to enumerate user email addresses via the forgot-password...
CVE-2020-3472 Cisco Webex Meetings User Email Address Information Disclosure Vulnerability
A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one...
CVE-2014-5516
Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request...
CVE-2014-5516
KonaKart Storefront Application (DS Data Systems) prior to 7.3.0.0 is vulnerable to CSRF protection bypass that allows an attacker to hijack an administrator’s session by issuing a manipulated GET request to change a user email address. The issue is documented in CVE-2014-5516, with a remediation...
CVE-2014-3475
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...
CVE-2014-8578
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475...