25 matches found
CVE-2026-12213 hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization
A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launche...
Malicious code in bigint.fs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb3e0cb5c95475ce69c3672be6acfb9283bc6e29a1d7ba7452c922e7dc96a966 On require/import, index.js runs an IIFE that POSTs a getAccountInfo RPC call to https://api.devnet.solana.com for Solana account...
MAL-2026-3750 Malicious code in bigint.fs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb3e0cb5c95475ce69c3672be6acfb9283bc6e29a1d7ba7452c922e7dc96a966 On require/import, index.js runs an IIFE that POSTs a getAccountInfo RPC call to https://api.devnet.solana.com for Solana account...
CVE-2026-42483
A flaw was found in hashcat. A heap-based buffer overflow allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects modulehashdecode in multiple Kerberos-related modules because accountinfolen is calculated from untruste...
SUSE CVE-2026-42483
A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects modulehashdecode in multiple Kerberos-related modules because accountinfolen is...
Software-Exploitation-Final-Project
ATM Challenge - Buffer Overflow Exploit Author: Olalekan...
MAL-2025-41513 Malicious code in @twork-data-services/proxy-prime-acc-info (npm)
--- -= Per source details. Do not edit below this line.=-...
ViaTalk CP - Persistent XSS Web Vulnerability
Document Title: =============== ViaTalk CP - Persistent XSS Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2314 Release Date: ============= 2023-07-20 Vulnerability Laboratory ID VL-ID: ==================================== 2314 Common...
New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web
A new "all-in-one" stealer malware named EvilExtractor also spelled Evil Extractor is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "I...
CVE-2022-45635
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...
PYSEC-2022-33
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...
CVE-2021-42336
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...
CVE-2014-3536
CFME CloudForms Management Engine 5: RHN account information is logged to topoutput.log during registration...
Magento Marketplace Suffers Data Breach Exposing Users' Account Info
If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe—the company owning Magento e-commerce platform—today disclosed a new data breach incident that expose...
Fuze Patches TPN Handset Vulnerabilties
Fuze, a maker of popular enterprise-grade voice-over-IP handsets, earlier this year patched three vulnerabilities that exposed user account information and enabled unauthorized authentication. The issues were made public today by researchers at Rapid7 who privately disclosed the flaws on April 12...
Design/Logic Flaw
The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances...
SIPS 0.2.2 User Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7134/info It has been reported that authentication is not required to view user account information. As a result, an unauthorized remote attacker may be able to view potentially sensitive information. This may aid in...
IntegraXor账户信息泄漏漏洞
Bugtraq ID:66554 Ecava IntegraXor是一款使用HTML和SVG的人机接口产品。 Ecava IntegraXor存在未明错误,允许攻击者利用漏洞获取敏感账户信息。 0 IntegraXor 4.x Ecava IntegraXor 4.1 build 4410版本已修复该漏洞,建议用户下载使用: http://www.integraxor.com...
Threat Outbreak Alert: Fake Account Information Email Messages on November 17, 2013
Medium Alert ID: 31800 First Published: 2013 November 18 21:01 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain account information for the recipient. The text in the email message attempts to convince the recipient to op...
[SECURITY] Fedora 20 Update: accountsservice-0.6.35-1.fc20
The accountsservice project provides a set of D-Bus interfaces for querying and manipulating user account information and an implementation of these interfaces, based on the useradd, usermod and userdel commands...