32 matches found
EUVD-2010-0776
Malware in sbrugna...
EUVD-2007-5928
Malware in sbrugna...
EUVD-2017-0245
Malware in sbrugna...
EUVD-2016-6050
Malware in sbrugna...
EUVD-2018-2968
Malware in sbrugna...
EUVD-1999-1206
Malware in sbrugna...
EUVD-2022-2067
Malicious code in bioql PyPI...
CVE-2025-46704 Advantech iView Path Traversal
A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing...
CVE-2024-34336
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality...
CVE-2025-46736
Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. The issue is patched in versions 10.8.10 and 13.8.1. No known workarounds a...
Shopware 安全漏洞
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware, which stems from a store-api that detects the existence of an e-mail account, which could lead to information disclosure...
CVE-2025-30344
OpenSlides before 4.2.5 is affected by a timing-side channel vulnerability in /system/auth/login/. The response time differs depending on whether a user exists because password hashing is omitted in login handling, enabling potential information disclosure. The documented impact is a low-to-mediu...
ZITADEL 安全漏洞
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. A security vulnerability exists in ZITADEL that stems from a logic error contained in the Ignoring unknown usernam...
CVE-2021-46876
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence...
Windows NTFS - Privileged File Access Enumeration
Windows NTFS - Privileged File Access Enumeration + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NTFS-PRIVILEGED-FILE-ACCESS-ENUMERATION.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Windows...
CoreFTP SFTP Server/FTP Server Path Traversal Vulnerability
CoreFTP SFTP Server/FTP Server is a file transfer server. A path traversal vulnerability exists in CoreFTP Server FTP/SFTP Server version 2 build 674, which can be exploited by an attacker to browse outside the root directory and determine the existence of files with the help of the '....' sequen...
CVE-2018-13281
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager DSM before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the filepath parameter...
CVE-2018-15919
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration or...
Directory traversal
Directory traversal vulnerability in actionpack/lib/actiondispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when servestaticassets is enabled, allows remote attackers to determine the existence o...
Error pages can be used to guess local file paths – Opera Security Advisories
Remote web pages should not be able to detect what files a user has on their local machine. Certain error pages do not apply this restriction correctly, allowing web pages to produce an error page where a script can run. The script can then use various events to detect whether files on the user’s...