Lucene search

5 matches found

Veracode
added 2022/01/31 9:39 p.m. | 16 views

Server-Side Request Forgery (SSRF)

calibreweb is vulnerable to server-side request forgery. The vulnerability exists in the deleteuser function of admin.py due to a lack of validation, which allows an attacker to fetch a localhost URL and upload a book cover...

CVSS 9.8 | AI score 3.2 | EPSS 0.00245
Exploits: 1 | References: 5 | Affected Software: 1
Prion
added 2021/05/06 1:15 p.m. | 7 views

Design/Logic Flaw

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user-provided password with the original password in a length-dependent manner, which allows remote attackers to guess the password via a timing attack...

CVSS 4.3 | AI score 5.8 | EPSS 0.00386
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2021/05/06 11:45 a.m. | 12 views

CVE-2021-31245

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user-provided password with the original password in a length-dependent manner, which allows remote attackers to guess the password via a timing attack...

AI score 6 | EPSS 0.00386
Exploits: 1 | References: 4
CVE
added 2021/05/06 11:45 a.m. | 29 views

CVE-2021-31245

CVE-2021-31245 affects openmptcprouter-vps-admin 0.57.3 and earlier. The issue is a timing-based password comparison in omr-admin.py that compares the user-supplied password with the original password in a length-dependent way, enabling remote attackers to guess the password through timing observ...

CVSS 5.9 | AI score 5.7 | EPSS 0.00386
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2015/11/17 3:0 p.m. | 11 views

CVE-2015-5301

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP)...

AI score 5.9 | EPSS 0.00659
Exploits: 0 | References: 8