9 matches found

RedhatCVE
added 2025/05/23 6:37 a.m. · 7 views

CVE-2024-42988

Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...

CVSS 4.3 · AI score 4.3 · EPSS 0.00304
Exploits: 0

Snyk
added 2025/03/25 9:31 p.m. · 5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the account visibility settings. An attacker can view and interact with private posts and accounts by leveraging the improper enforcement of access controls. Remediation Upgrade pixelfed/pixelfed to version...

CVSS 5.3 · AI score 7 · EPSS 0.00291
Exploits: 0 · References: 2

OSV
added 2024/10/09 5:15 p.m. · 6 views

CVE-2024-42988

Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...

CVSS 4.3 · AI score 6.7
Exploits: 0 · References: 3

NVD
added 2024/10/09 5:15 p.m. · 42 views

CVE-2024-42988

Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...

CVSS 4.3 · EPSS 0.00304
Exploits: 0 · References: 3

Positive Technologies
added 2024/10/09 12:0 a.m. · 8 views

PT-2024-30243 · Ctfd · Ctfd

Name of the Vulnerable Software and Affected Versions: CTFd versions 2.0.0 through 3.7.2 Description: The issue concerns a lack of access control in the ChallengeSolves endpoint /api/v1/challenges//solves that allows authenticated users to retrieve a list of users who have solved a challenge,...

CVSS 4.3 · AI score 6.7 · EPSS 0.00304
Exploits: 0 · References: 7

Cvelist
added 2024/10/09 12:0 a.m. · 20 views

CVE-2024-42988

Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...

EPSS 0.00304
Exploits: 0 · References: 3

CVE
added 2024/10/09 12:0 a.m. · 83 views

CVE-2024-42988

CTFd contains a lack of access control in the ChallengeSolves endpoint (/api/v1/challenges//solves) affecting v2.0.0–v3.7.2, enabling authenticated users to retrieve the list of solvers regardless of Account Visibility settings. The issue is fixed in v3.7.3+. Impact is limited to information expo...

CVSS 4.3 · AI score 6.2 · EPSS 0.00304
Exploits: 0 · References: 3

myhack58
added 2007/09/23 12:0 a.m. · 23 views

Hidden administrator account in three minutes - vulnerability warning - the black bar safety net

Everyone is familiar with regedit.exe, but it cannot set permissions on registry keys; the biggest advantage of regedt32.exe is its ability to set permissions on registry keys. On NT/2000/XP, account information is stored in the registry under the HKEY_LOCAL_MACHINE\SAM\SAM key, but in addition to the system user...

AI score 0.5
Exploits: 0

Packet Storm
added 1999/08/17 12:0 a.m. · 19 views

wingate.hijack.txt

Date: Tue, 9 Mar 1999 16:37:49 -0800 To: [email protected] Subject: Hacking USER's email with WinGate, lack of security on some ISPs Found out something to read some emails on my ISP, maybe this will work with other people if the ISP's site works just like mine... It consists that, i...

AI score 7.4
Exploits: 0