2 matches found
Code injection
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames...
CVE-2008-1166
CVE-2008-1166 relates to Flyspray 0.9.9.4, where authentication errors reveal whether a username is valid or invalid. The description in the CVE entry and corroborating records state that this behavior enables remote attackers to enumerate usernames. The connected documents corroborate Flyspray a...