6 matches found
Exploit for Observable Discrepancy in Spip
CVE-2019-16394 A simple POC python script of CVE-2019-16394...
[SECURITY] [DSA 4532-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4532-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 25, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4532-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4532-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 25, 2019 https://www.debian.org/security/faq -...
SPIP < 3.1.11, 3.2.x < 3.2.5 Multiple Vulnerabilities
SPIP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:spip:spip"; ifdescription...
UBUNTU-CVE-2019-16394
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers...
CVE-2019-16394
SPIP (website engine) versions affected: 3.1.x prior to 3.1.11 and 3.2.x prior to 3.2.5. The issue is in the password reminder flow, where error messages differ depending on whether the provided e-mail exists, enabling potential user enumeration of subscribers. Root cause: non-homogeneous handlin...