12 matches found
CVE-2025-23214
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...
EUVD-2022-7695
Malicious code in bioql PyPI...
EUVD-2025-16182
Malicious code in bioql PyPI...
CVE-2022-48366
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...
CVE-2025-46736
Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. The issue is patched in versions 10.8.10 and 13.8.1. No known workarounds a...
CVE-2022-26329 File existence disclosue vulnerability in IDM plugin
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...
CVE-2022-44381
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...
SUSE-SU-2018:3910-1 Security update for openssh
This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully...
CVE-2015-5345
CVE-2015-5345 affects the Tomcat Mapper component: redirects are processed before security constraints/Filters, enabling a remote attacker to determine the existence of a directory via a URL that lacks a trailing slash. Affected upstream versions are Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8...
[Full-disclosure] Uebimiau Webmail Multiple Vulnerabilities
Synopsis: Multiple Vulnerabilities Introduction: Uebimiau is an open source webmail interface. Details: Uebimiau doesn't correctly handle the $GET array in error.php. Many vulnerabilities have been already discovered, but I would like to introduce few new ones: 1 XSS 2 Three Web Server Directory...
CVE-2004-2090
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist...
CVE-2004-1325
The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system...