
4 matches found

Veracode
added 2023/12/13 11:20 a.m. | 17 views

Information Exposure

Umbraco is vulnerable to Information Exposure/User Enumeration. The vulnerability is due to the PostRequestPasswordReset function in AuthenticationController.cs not having a feature to randomize the response time when processing password reset requests. This allows an attacker to potentially use the...

CVSS 5.3 | AI score 7.1 | EPSS 0.00368
Exploits: 0 | References: 2 | Affected Software: 2
OSV
added 2021/03/03 5:15 p.m. | 0 views

UBUNTU-CVE-2021-27927

In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls disableSIDValidation inside the init method. An...

CVSS 8.8 | AI score 7.3 | EPSS 0.00086
Exploits: 0 | References: 3
CNVD
added 2020/12/30 12:0 a.m. | 1 views

Agentejo Cockpit NoSQL Injection Vulnerability

Agentejo Cockpit is a self-hosted, "headless", API-driven, lightweight, open source content management system. A NoSQL injection vulnerability exists in Agentejo Cockpit prior to version 0.11.2. The vulnerability can be exploited to conduct a NoSQL injection attack via the Controller/Auth.php...

CVSS 9.8 | AI score 7.3 | EPSS 0.92353
Exploits: 5 | References: 1
Node.js
added 2019/08/12 6:47 p.m. | 17 views

Sensitive Data Exposure

Overview: Versions of parse-server prior to 3.6.0 are vulnerable to Sensitive Data Exposure. The package throws the error ParseError.ACCOUNT_ALREADY_LINKED (208) before the authentication controller throws ParseError.SESSION_MISSING (206). This allows unauthenticated attackers to enumerate user accounts by...

CVSS 5 | AI score 4.5 | EPSS 0.00232
Exploits: 0 | Affected Software: 1