53 matches found
CVE-2023-40756
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2020-23283
Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force...
PT-2025-50241
Name of the Vulnerable Software and Affected Versions: IntelliChoice eFORCE Software Suite version 2.5.9. Description: The software contains a flaw that allows attackers to identify valid usernames. This is achieved by exploiting the ctl00$MainContent$UserName POST parameter. By sending requests wit...
CVE-2025-41066
Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the...
CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint
Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...
EUVD-2007-2783
Malware in sbrugna...
EUVD-2020-16031
Malware in sbrugna...
EUVD-1999-0971
Malware in sbrugna...
EUVD-2020-16745
Malware in sbrugna...
EUVD-2005-2592
Malware in sbrugna...
EUVD-2022-25254
Malicious code in bioql PyPI...
EUVD-2023-37719
Malicious code in bioql PyPI...
EUVD-2022-27666
Malicious code in bioql PyPI...
Information Disclosure
omeroweb is vulnerable to information disclosure. The vulnerability is due to error messages displayed during the Forgot Password reset process disclosing user information, which allows an attacker to enumerate or gain insights about valid users...
CVE-2023-36127
User enumeration is found in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-3336
TN-5900 Series version 3.3 and prior versions are vulnerable to a user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users...
CVE-2020-28185
User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php...
CVE-2024-40480
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access...
CVE-2024-1145 Observable Response Discrepancy at Alma Devklan Blog
User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response...
SureMDM On-Premise CAPTCHA Bypass / User Enumeration
Exploit Title: SureMDM On-premise 6.31 - CAPTCHA Bypass User Enumeration Date: 05/12/2023 Exploit Author: Jonas Benjamin Friedli Vendor Homepage: https://www.42gears.com/products/mobile-device-management/ Version: = 6.31 Tested on: 6.31 CVE : CVE-2023-3897 import requests import sys def printhelp...