5 matches found
CVE-2024-51739 Users enumeration allowed through Rest API in Combodo iTop
Combodo iTop is a simple, web-based IT Service Management tool. An unauthenticated user can perform user enumeration, which can make it easier to brute-force a valid account. As a fix, the sentence displayed after resetting a password no longer reveals whether the user exists. This fix is included in...
PT-2023-24716 · WordPress · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg plugin versions = 2.7.11 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application th...
PT-2023-24717 · Unknown · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg versions through 2.7.11 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, which can be exploited...
VMware Tanzu Application Service for VMs Unauthorized Access Vulnerability
VMware Tanzu Application Service for VMs is a suite of application development and deployment solutions from VMware. A security vulnerability exists in VMware Tanzu Application Service for VMs versions 2.6.x prior to 2.6.18, 2.7.x prior to 2.7.11, and 2.8.x prior to 2.8.5. An attacker could explo...