16 matches found
CVE-2026-40485
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...
CVE-2026-24097
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/registerexisting endpoint, which could lead to information disclosure...
CVE-2025-24391
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....
CVE-2025-24391
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....
CVE-2025-24391 Possible user enumeration
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....
CVE-2025-24391 Possible user enumeration
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....
CVE-2025-24391
OTRS exposes an user-enumeration flaw via its External Interface affecting OTRS 7.0.X, 8.0.X, 2023.X, 2024.X, and 2025.X. Attackers can infer valid email addresses from differing HTTP response codes/messages, per multiple sources (e.g., Red Hat, SUSE, PT-2025-29438). CVSS 3.1 impact: LOW confiden...
Lack of brute force protection
Issue Description • A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until an attacker discover the one correct combination that works. Steps to Reproduce: '1. First capture login request with BurpSuite,...
EAP: field-name is not parsed in accordance to RFC7230
A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400...
strange_http_codes
Analyze HTTP response codes sent by the remote web application and report uncommon findings. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly...
Wrong HTTP response codes leak information
There are some resources exposed in FeCru where depending on their existence user may get 403 or 404 http response code depending on the existence of the resource. Because the permission check is done earlier than existence check, server may leak the existence of particular resource to the...
Novell 'modulemanager' Servlet Arbitrary File Upload (safe check)
The Administration Console component of Novell Access Manager or Novell iManager running on the remote web server has an arbitrary file upload vulnerability. Sending a specially crafted multipart POST request to '/nps/servlet/modulemanager' results in the upload of arbitrary data. Specifying a...
CentOS 3 / 4 : wget (CESA-2005:771)
Updated wget package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols. A bug was found in the way wget writes file...
RHEL 4 : wget (RHSA-2005:771)
The remote Redhat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2005:771 advisory. GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols. A bug was found in the way wget writes files to the local...
wget security update
CentOS Errata and Security Advisory CESA-2005:771-01 Updated wget package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use either the HTTP or FTP...
wget security update
CentOS Errata and Security Advisory CESA-2005:771 Updated wget package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use either the HTTP or FTP...