7 matches found
CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...
CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...
CVE-2024-52008
Fides (open-source privacy engineering platform) has a password policy bypass in its invite flow. The /api/v1/user/accept-invite endpoint does not enforce the server-side password policy, allowing an invited user to set an arbitrarily weak password during initial account setup despite UI client-s...
A vulnerability in the Microsoft .NET Framework software platform and in the Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and Microsoft SharePoint Foundation electronic document management software stems from implementation errors in authentication procedures that allow attackers to escalate their privileges.
The vulnerability of the Microsoft .NET Framework software platform, as well as the Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and Microsoft SharePoint Foundation email messaging software, is related to implementation errors in authentication procedures. Exploiting this...
The vulnerability of the HTTP API component of the Cisco Enterprise Chat and Email messaging service allows a perpetrator to disclose protected information.
The vulnerability of the HTTP API component of the Cisco Enterprise Chat and Email messaging service is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose protected information by sending a specially...
Ipswitch IMAIL 11.01 reversible encryption + weak ACL
Exploit for unknown platform in category dos / poc. Ipswitch IMAIL 11.01 reversible encryption + weak ACL. 0x00 : Vulnerability Information + Product : IMail Server + Version : 11.01 + Vendor...
winmail305.txt
I found some vulnerabilities if WindMail is run as a CGI application. Tested on Windows NT 4.0, WindMail 3.05 successfully. WindMail is a 32-bit Windows console program by geocel that gives you command-line e-mail messaging capability. You can download an evaluation copy of WindMail 3.0 at:...