Lucene search
K

60 matches found

OSV
OSV
added 2024/11/23 4:15 a.m.4 views

CVE-2024-10537

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00366EPSS
Exploits0References2
CVE
CVE
added 2024/09/10 2:47 a.m.42 views

CVE-2024-42380

CVE-2024-42380 concerns SAP NetWeaver AS ABAP/ABAP Platform where an RFC-enabled function module allows a low-privileged user to read other users’ workplace favourites, user menus, and related node data, enabling username enumeration. The impact is described as low confidentiality risk to the app...

4.3CVSS4.6AI score0.00266EPSS
Exploits0References2
NVD
NVD
added 2024/05/02 5:15 p.m.15 views

CVE-2024-3897

The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspbcreateauthor AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all...

5.3CVSS5.1AI score0.00623EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:52 p.m.61 views

CVE-2024-3897

CVE-2024-3897 affects the WordPress plugin Popup Box – Best WordPress Popup Plugin (ays-popup-box) up to version 4.3.6. The vulnerability arises from a missing capability check on the ays_pb_create_author AJAX action, allowing unauthenticated attackers to enumerate all registered emails. MITRE/AT...

5.3CVSS6.5AI score0.00623EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.19 views

CVE-2024-3897 Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure

The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspbcreateauthor AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all...

5.3CVSS5.4AI score0.00623EPSS
Exploits0References2
OSV
OSV
added 2023/10/31 8:29 p.m.3 views

GHSA-MP92-3JFM-3575 Synapse vulnerable to leak of remote user device information

Impact Cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. Patches System administrators are encouraged to upgrade to Synapse 1.95.1 as soon as possible. Workarounds The federationdomainwhitelist can be used ...

5.3CVSS5.9AI score0.00897EPSS
Exploits0References8
OSV
OSV
added 2023/07/21 8:18 p.m.25 views

GHSA-C9HW-557Q-F8HQ Pimcore vulnerable to SQL Injection in Dataobjects sorting

Impact Using some SQL exploitation tools such as sqlmap, an attacker can enumerate all information in the database, alter data or perform dos on the backend database. Patches Update to version 10.6.5 or apply this patch manually...

7.2CVSS7AI score0.00957EPSS
Exploits1References5
Rapid7 Blog
Rapid7 Blog
added 2023/04/11 1:0 p.m.11 views

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

Prior to Mar 18, 2023, due to a reliance on client-side controls, authorized users of Raptor Technologies Volunteer Management SaaS products could effectively enumerate authorized users, and could modify restricted and unrestricted fields in the accounts of other users associated with the same...

6.1AI score
Exploits0
OSV
OSV
added 2023/04/01 12:0 a.m.37 views

ASB-A-257030107

In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...

5.5CVSS5.1AI score0.00082EPSS
Exploits0References2
Prion
Prion
added 2022/06/27 9:15 p.m.12 views

Design/Logic Flaw

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed ...

5CVSS5.4AI score0.01201EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2022/06/27 8:45 p.m.18 views

CVE-2022-31088 Unauthenticated LDAP Injection in ldap-account-manager

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed ...

6.5CVSS6.1AI score0.01201EPSS
Exploits0References5
CVE
CVE
added 2022/06/27 8:45 p.m.103 views

CVE-2022-31088

The CVE-2022-31088 issue affects LDAP Account Manager (LAM). In versions prior to 8.0, the username field at login could be used to enumerate LDAP data during LDAP search configuration. This is limited to enumeration during login and does not mention broader code execution paths. The vulnerabilit...

6.5CVSS5.4AI score0.01201EPSS
Exploits0References3Affected Software1
Kitploit
Kitploit
added 2021/02/03 8:30 p.m.45 views

Linux-Chrome-Recon - An Information Gathering Tool Used To Enumerate All Possible Data About An User From Google-Chrome Browser From Any Linux Distribution

"linux-chrome-recon" is a Information gathering tool used to enumerate all possible data about an user from Google-Chrome browser from any Linux distribution Intro 1.Loots possible data from Google-Chrome 2.Launches HTTP Server on /tmp directory Usefull 3.Simple script to receive data from...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/07/02 12:0 a.m.25 views

ownCloud/Nextcloud Unprotected Data Directory (HTTP)

ownCloud/Nextcloud is exposing an unprotected data directory. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/12/20 12:0 a.m.16 views

WMI IIS ISAPI Extension Enumeration

Binary data wmienumiiscomponents.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2010/12/15 12:0 a.m.17 views

WMI Encryptable Volume Enumeration

Binary data wmienumencryptablevolumes.nbin...

7.3AI score
Exploits0References1
seebug.org
seebug.org
added 2008/04/23 12:0 a.m.25 views

RedDot CMS 7.5 (LngId) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/04/21 12:0 a.m.21 views

RedDot CMS 7.5 (LngId) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications =================================================== RedDot CMS 7.5 LngId Remote SQL Injection Exploit =================================================== !/usr/bin/env python un-comment your selection. import urllib2 import urllib import...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2008/04/21 12:0 a.m.42 views

RDdbenum.py.txt

!/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print "python RDPOC.py options URL" print...

7.5CVSS6.6AI score0.07534EPSS
Exploits3
Exploit DB
Exploit DB
added 2008/04/21 12:0 a.m.42 views

RedDot CMS 7.5 - &#039;LngId&#039; SQL Injection

!/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print "python RDPOC.py options URL" print...

7AI score
Exploits0
Rows per page
Query Builder