30 matches found
CVE-2026-4913
Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...
CVE-2026-33316
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, a flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The ResetPassword function sets the user’s status to StatusActive after a successful password reset without...
Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement
Summary A flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The ResetPassword function sets the user’s status to StatusActive after a successful password reset without verifying whether the account was previously disabled. By requesting a reset token...
EUVD-2004-0082
Malware in sbrugna...
EUVD-2017-7932
Malware in sbrugna...
CVE-2025-26330
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account...
Tridium Niagara Improper Authentication (CVE-2017-16748)
An attacker can log into the local Niagara platform Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. This plugin only works with Tenable.o...
Arvados Authorization Issue Vulnerability
Arvados is an open source platform for managing and analyzing biomedical big data. An authorization issue vulnerability exists in Arvados version 2.4.2 and prior versions, which stems from the fact that when a user is authenticated using the Portable Authentication Module PAM, Arvados can still b...
GHSA-36MJ-6R7R-MQHF User can obtain JWT token even if account is disabled
Users can authenticate this way even if their user account is disabled. This is a high risk vulnerability when account disabling is used to block users' access to the system. Someone who never had an account cannot exploit this vulnerability. The fix ensures tokens are generated only for enabled...
Chaturbate: Chaturbate "/chat_ignore_list/" endpoint does not check for Account status: Disabled before adding Ignore via POST
Summary Chaturbate.com provides the ability for its users when in chat to ignore other users in chat rooms via DM etc by adding their camhandle name to ignorelist via HUI Actually this is just a POST to /chat_ignore_list/ getting as a parameter the username which is the camhandle name in order to a...
Tridium Niagara AX Framework and Niagara 4 Framework Authentication Bypass Vulnerability
Tridium Niagara AX Framework and Niagara 4 Framework are both IoT business application frameworks from Tridium USA. An authentication bypass vulnerability exists in Tridium Niagara AX Framework 3.8 and earlier and Niagara 4 Framework 4.4 and earlier. A remote attacker can exploit this vulnerabili...
CVE-2017-16748
An attacker can log into the local Niagara platform Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system...
Windows Manage RID Hijacking
This module will create an entry on the target by modifying some properties of an existing account. It will change the account attributes by setting a Relative Identifier RID, which should be owned by one existing account on the destination machine. Taking advantage of some Windows Local Users...
CVE-2017-12197
Removed by vendor...
Disabled Account Bypass
libpam4j is vulnerable to authentication bypass. The authenticate method doesn't check the status of the user's account, allowing any attacker with a valid password to log in regardless of whether the account has been disabled...
HackerOne: Issue with password change in Disabled Account
Hello Hackerone, Summary: I have found that 38343 is not yet fully fixed, a disabled user does not always get a notification about a password change: when a password is changed via a password reset link, such a notification is not sent to the disabled user. Description Include Impact: When a password...
libpam4j: Account check bypass
It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information...