CVE-2021-3784

Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This...

PT-2023-12329 · Unknown · Garuda Linux

Name of the Vulnerable Software and Affected Versions: Garuda Linux affected versions not specified Description: The issue is related to an insecure user creation and authentication process in Garuda Linux. When creating users from the 'Garuda settings manager', the system temporarily leaves the...

Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write", 'Description' = %q This module exploits a vulnerability that exists due t...

Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write", 'Description' = %q This module exploits a vulnerability that exists due t...

Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write Exploit

This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written...

CVE-2020-5231

In Opencast before 7.6 and 8.1, users with the role ROLECOURSEADMIN can use the user-utils endpoint to create new users not including the role ROLEADMIN. ROLECOURSEADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code except for tests but only i...

Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write

This module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given...

CVE-2017-8914

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...

CVE-2017-8914

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...

Code injection

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...