178 matches found
CVE-2018-25398
Open ISES Project 3.30A is affected by an SQL injection in main.php via the frm_passwd parameter. Unauthenticated attackers can send crafted POST requests to extract database information (usernames, database names, version details). The issue is documented across CVE entries (CVE-2018-25398). No ...
CVE-2025-67807
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2019-25337
CVE-2019-25337 affects OwnCloud 8.1.8. The issue is a username enumeration flaw exposing user accounts by manipulating the share.php endpoint: sending crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter can reveal user information. Root cause appears to be impr...
CVE-2019-25337 OwnCloud 8.1.8 - Username Disclosure
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user...
CVE-2019-25337 OwnCloud 8.1.8 - Username Disclosure
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user...
CVE-2026-23901
Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...
CVE-2026-22604
OpenProject is an open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST request to the /account/changepassword endpoint with an arbitrary User ID as the passwordchangeuserid parameter, the resulting error page would show the...
CVE-2026-22604 OpenProject is vulnerable to user enumeration via the change password function
OpenProject is an open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST request to the /account/changepassword endpoint with an arbitrary User ID as the passwordchangeuserid parameter, the resulting error page would show the...
CVE-2021-31549
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users...
CVE-2019-7272
Optergy Proton/Enterprise devices allow Username Disclosure...
CVE-2025-52331
Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...
CVE-2025-52331
Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...
CVE-2025-52331
Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...
PT-2025-44628
Name of the Vulnerable Software and Affected Versions Analytify Pro versions prior to 7.0.4 Description The Analytify Pro plugin for WordPress is susceptible to a sensitive information disclosure. Unauthenticated attackers may be able to extract usernames from the source code through the Analytif...
EUVD-2017-15965
Malware in sbrugna...
EUVD-2018-10371
Malware in sbrugna...
EUVD-2020-25863
Malware in sbrugna...
EUVD-2011-3094
Malware in sbrugna...
EUVD-2019-13214
Malware in sbrugna...
EUVD-2021-18446
Malware in sbrugna...