9 matches found
CVE-2024-42988
Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the account visibility settings. An attacker can view and interact with private posts and accounts by leveraging the improper enforcement of access controls. Remediation: Upgrade pixelfed/pixelfed to version...
CVE-2024-42988
Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...
CVE-2024-42988
Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...
PT-2024-30243 · Ctfd · Ctfd
Name of the Vulnerable Software and Affected Versions: CTFd versions 2.0.0 through 3.7.2 Description: The issue concerns a lack of access control in the ChallengeSolves endpoint /api/v1/challenges//solves that allows authenticated users to retrieve a list of users who have solved a challenge,...
CVE-2024-42988
Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...
CVE-2024-42988
CTFd contains a lack of access control in the ChallengeSolves endpoint (/api/v1/challenges//solves) affecting v2.0.0–v3.7.2, enabling authenticated users to retrieve the list of solvers regardless of Account Visibility settings. The issue is fixed in v3.7.3+. Impact is limited to information expo...
Hidden administrator account in three minutes - vulnerability warning - the Black Bar Safety Net
Everyone is familiar with regedit.exe, but it cannot set permissions on registry keys; the biggest advantage of regedt32.exe is its ability to set permissions on registry keys. On NT/2000/XP, account information is stored in the registry under the HKEY_LOCAL_MACHINE\SAM\SAM key, but in addition to the system user...
wingate.hijack.txt
Date: Tue, 9 Mar 1999 16:37:49 -0800 To: [email protected] Subject: Hacking USER's email with WinGate, lack of security on some ISPs Found out something to read some emails on my ISP, maybe this will work with other people if the ISP's site works just like mine... It consists that, i...