22 matches found
Zitadel - User Registration Bypass
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...
EUVD-2016-3093
Malware in sbrugna...
EUVD-2024-44063
Malicious code in bioql PyPI...
EUVD-2024-33417
Malicious code in bioql PyPI...
CVE-2016-20005
The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
CVE-2025-24989
CVE-2025-24989 is an elevation of privilege vulnerability in Microsoft Power Pages caused by improper access control. Public sources in the provided documents consistently describe it as allowing an unauthorized networked attacker to bypass the user registration control and escalate privileges. R...
CVE-2024-27138
UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue...
CVE-2024-10393 Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration
The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'userscanregister' option in the 'registerinstructor' function. This makes it possible for unauthenticated attackers to register as the...
User Registration Bypass in Zitadel
Impact Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.63.4, disabling the "User Registration allowed" option only hid the registration button on the login page. Users could bypass this restriction by directly accessing t...
CVE-2024-49757 Zitadel User Registration Bypass Vulnerability
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...
CVE-2024-4444
CVE-2024-4444 affects the LearnPress – WordPress LMS Plugin for WordPress. The vulnerability is in LearnPress versions up to 4.2.6.5 and is caused by missing checks in the checkout’s create_account function, enabling unauthenticated attackers to register as the site’s default role even when regis...
WordPress LearnPress plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration vulnerability
Unauthenticated Bypass to User Registration vulnerability discovered by 1337Wannabe in WordPress Plugin LearnPress versions = 4.2.6.5...
CVE-2024-27138
CVE-2024-27138 concerns an Incorrect Authorization vulnerability in Apache Archiva. The affected software is Apache Archiva (retired/no longer maintained). The issue arises from a configuration that disables user registration, which can be bypassed, allowing unauthorized users to register or acce...
Exploit for Special Element Injection in Rocket.Chat
CVE-2021-22911 If you have already registered...
CVE-2016-20005
The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
CVE-2016-20005
CVE-2016-20005 affects the Drupal REST/JSON project for Drupal 7, version 7.x-1.x, where a user registration bypass is possible. The provided documents identify this as SA-CONTRIB-2016-033, but do not give a detailed root cause or the exact vulnerable code paths. There is no explicit exploitation...
REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033
This module enables you to expose content, users and comments via a JSON API. The module contains multiple vulnerabilities including Node access bypass Comment access bypass User enumeration Field access bypass User registration bypass Blocked user login Session name guessing Session enumeration...
alitalk 1.9.1.1 - Multiple Vulnerabilities
No description provided by source. ALITALK v 1.9.1.1 Multiple Vulnerabilities author : tomplixsee google dork : POWERED BY ALITALK download : http://www.alilg.com/software/free-php-ajax-chat/ SQL INJECTION you need to login in order to exploit this vulnerability vulnerable code on...
alitalk-multi.txt
ALITALK v 1.9.1.1 Multiple Vulnerabilities author : tomplixsee google dork : POWERED BY ALITALK download : http://www.alilg.com/software/free-php-ajax-chat/ SQL INJECTION you need to login in order to exploit this vulnerability vulnerable code on inc/receivertwo.php "; echo" r%dtr...
alitalk 1.9.1.1 - Multiple Vulnerabilities
alitalk 1.9.1.1 - Multiple Vulnerabilities ALITALK v 1.9.1.1 Multiple Vulnerabilities author : tomplixsee google dork : POWERED BY ALITALK download : http://www.alilg.com/software/free-php-ajax-chat/ SQL INJECTION you need to login in order to exploit this vulnerability vulnerable code on...