CVE-2020-37173

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the...

CVE-2020-37173 AVideo Platform 8.1 - Information Disclosure (User Enumeration)

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the...

CVE-2020-37173

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the...

PT-2026-7672

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the use...

CVE-2025-34441

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVE-2025-34441

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVE-2025-34441

CVE-2025-34441 affects AVideo versions prior to 20.1, exposing emails, usernames, admin status, and last login times via an unauthenticated public API endpoint, enabling user enumeration/privacy violations. Connected sources also describe unauthenticated RCE paths in AVideo 14.3.1+ through notify...

EUVD-2025-203938

AVideo versions prior to 20.0 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVE-2025-34441

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVE-2025-34441 AVideo < 20.1 User Information Disclosure via Public API

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

PT-2025-51874

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 have an issue where sensitive user information is exposed through an unauthenticated public API endpoint. The responses from this endpoint include emails, usernames,...

CVE-2025-57396

Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escala...

phpBugTracker 1.6.0 /admin/status.php SQL注入

No description provided by source...

eSyndiCat Input Validation Error Vulnerability

eSyndiCat is Directory websystem, a product of eSyndiCat.com It has security hole allow attackers get admin and more and more. Infected version: eSyndiCat Pro v1.x Infected file: manage-admins.php Use poc file to attack: ------------------------------------------------ pDiscovered by H2P - A memb...

phpBB &lt;= 2.0.12 Change User Rights Authentication Bypass

No description provided by source. !/usr/bin/perl -w phpBB =2.0.12 session autologin exploit This script uses the vulerability in autologinid variable More: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563 Just gives an user on vulnerable forum administrator rights. You should register the...