27 matches found
CVE-2026-16076
AstrBot up to version 4.25.5 is affected by CVE-2026-16076. The vulnerability occurs in OpenApiRoute.chat_send (astrbot/dashboard/routes/open_api.py) where manipulation of the Username argument leads to authentication bypass by spoofing. The issue is exploitable remotely, the exploit is publicly ...
CVE-2026-16076
A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chatsend of the file astrbot/dashboard/routes/openapi.py of the component API. Such manipulation of the argument Username leads to authentication bypass by spoofing. It is possible to...
CVE-2026-62644
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover...
CVE-2026-62644
This CVE (CVE-2026-62644) affects Roundcube Webmail prior to 1.6.17 and 1.7.x prior to 1.7.2. The vulnerability lies in the password plugin, where session data usability allowed username spoofing, potentially enabling account takeover. The bases of impact are high for confidentiality and integrit...
CVE-2026-62644
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover...
CVE-2026-28480 OpenClaw < 2026.2.14 - Identity Spoofing via Mutable Username in Telegram Allowlist Authorization
OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...
EUVD-2005-1407
Malware in sbrugna...
EUVD-2002-0318
Malware in sbrugna...
CVE-2012-2351
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username...
CVE-2005-1404
MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the 1 nbuser parameter to post.php or 2 sender parameter to privmsg.php...
Authd 安全漏洞
Authd is a cloud-based authentication daemon for identity providers in the Ubuntu open source. A security vulnerability exists in Authd versions prior to 0.3.6 that stems from insufficient randomization of user IDs to prevent conflicts, allowing a local attacker with a registered username to spoo...
CVE-2021-3754
CVE-2021-3754 affects Keycloak (and Red Hat SSO) where improper input validation allows a user to register with a username identical to an existing user’s email. Root cause: usernames are evaluated before emails, enabling email-as-username misuse. Impact documented in advisories includes password...
Username spoofing in OnionShare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. - Vulnerability ID: OTF-005 - Vulnerability type: Improper Input Sanitization -...
CVE-2022-21696 Username spoofing in OnionShare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...
CVE-2022-21696 Username spoofing in OnionShare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...
DEBIAN-CVE-2017-7650
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access...
MGASA-2017-0024 Updated shadow-utils packages fix security vulnerabilities
It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid CVE-2016-6251. It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...
HFS HTTP File Server 1.5/2.x Multiple Security Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a...
Linux-PAM 0.77 Pam_Wheel Module getlogin() Username Spoofing Privileged Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7929/info A vulnerability has been discovered in the Linux-Pam pamwheel module. The problem exists in the way the module authenticates users under certain configurations. Specifically, if the module is configured to allow...
Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability
Syhunt: HFS HTTP File Server Username Spoofing and Log Forging/Injection Vulnerability Advisory-ID: 200801163 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 1.5g to and including 2.3Beta Build 174; and possibly HFS version 1.5f Non-Affected Applications: HFS 1.5e and...