15 matches found
EUVD-2025-35719
The Frontier Airlines website has a publicly available endpoint that validates whether an email address is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks...
CVE-2025-34255 D-Link Nuclias Connect <= v1.3.1.4 Forgot Password Account Enumeration
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
EUVD-2019-11427
Malware in sbrugna...
EUVD-2018-15909
Malware in sbrugna...
EUVD-2011-4518
Malware in sbrugna...
CVE-2019-20890
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions...
CVE-2025-30150 Shopware 6 allows attackers to check for registered accounts through the store-api
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible for an attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates...
CVE-2025-2910
User enumeration in the password reset module of the MeetMe authentication service in versions prior to 2024-09 allows an attacker to determine whether an email address is registered through specific error messages...
How to Configure Email Based Account Discovery on StoreFront
...
CVE-2022-43699
OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain found in the host part of an e-mail address...
CVE-2019-20890
Mattermost Server prior to 5.7 contains a vulnerability that allows bypassing email address discovery restrictions. This is recorded as CVE-2019-20890 and appears across multiple sources (NVD, Red Hat, CNVD, CVE lists). The issue is described consistently as an issue in Mattermost Server before 5...
Samurai Email Discovery - Is A Email Discovery Framework That Grabs Emails Via Google Dork, Company Name, Or Domain Name
SED is an email discovery framework created 100% in BASH that grabs emails via Google dork, company name, or domain name. Requirements apt-install lynx Screenshots Possibly more features such as OSINT options, and credential reuse discovery & torsocks implemented - but it does the trick for now...
looter (finding new attack vectors)
A small script implementing some techniques for gathering information and finding new attack vectors: 1 non recurse tld request loot 2 soa email/domain loot 3 whois email/domain loot Introduction: Sometimes there are situations when you need to find new 'entry points'. looter can help make the task easier - for example, ...
Graugon Forum 1.3 - SQL Injection
Graugon Forum 1.3 - SQL Injection ------------------------------------------------------------------------ --Description-- A SQL injection vulnerability in Graugon Forum 1.3 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell. --PoC--...
calexp2.txt
====================================== DISCOVERED BY: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-LoverHacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-SauDiVirUs ====================================== Example: /print/month.php?cid=&catid=SQL /print/month.php?cid=SQ...