7 matches found

Vulnrichment
added 2024/11/26 6:52 p.m., 23 views

CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...

CVSS 2 | AI score 6.9 | EPSS 0.00536
Exploits 0 | References 1
Cvelist
added 2024/11/26 6:52 p.m., 48 views

CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...

CVSS 2 | EPSS 0.00536
Exploits 0 | References 1
CVE
added 2024/11/26 6:52 p.m., 2797 views

CVE-2024-52008

Fides (open-source privacy engineering platform) has a password policy bypass in its invite flow. The /api/v1/user/accept-invite endpoint does not enforce the server-side password policy, allowing an invited user to set an arbitrarily weak password during initial account setup despite UI client-s...

CVSS 8.8 | AI score 6.5 | EPSS 0.00536
Exploits 0 | References 1 | Affected Software 1
BDU FSTEC
added 2019/07/18 12:0 a.m., 8 views

The vulnerability of the Microsoft .NET Framework software platform, the Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and the Microsoft SharePoint Foundation software for electronic document management, is related to implementation errors in authentication procedures, which allow attackers to escalate their privileges.

The vulnerability of the Microsoft .NET Framework software platform, as well as the Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and Microsoft SharePoint Foundation email messaging software, is related to implementation errors in authentication procedures. Exploiting this...

CVSS 6.8 | AI score 5.6 | EPSS 0.06024
Exploits 0 | References 3
BDU FSTEC
added 2019/07/04 12:0 a.m., 3 views

The vulnerability of the HTTP API component of the Cisco Enterprise Chat and Email messaging service allows a perpetrator to disclose protected information.

The vulnerability of the HTTP API component of the Cisco Enterprise Chat and Email messaging service is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose protected information by sending a specially...

CVSS 7.8 | AI score 5.5 | EPSS 0.01437
Exploits 0 | References 3
0day.today
added 2010/02/04 12:0 a.m., 34 views

Ipswitch IMAIL 11.01 reversible encryption + weak ACL

Exploit for unknown platform in category dos / poc. Ipswitch IMAIL 11.01 reversible encryption + weak ACL. 0x00: Vulnerability Information. Product: IMail Server; Version: 11.01; Vendor...

AI score 7
Exploits 0
Packet Storm
added 2000/03/29 12:0 a.m., 32 views

winmail305.txt

I found some vulnerabilities if WindMail runs as a CGI application. Tested on Windows NT 4.0, WindMail 3.05 successfully. WindMail is a 32-bit Windows console program by Geocel that gives you command-line e-mail messaging capability. You can download an evaluation copy of WindMail 3.0 at:...

AI score 7.4
Exploits 0