22 matches found
GHSA-H29G-Q5C2-9H4F Parse Server email verification resend page leaks user existence
Impact The Pages route and legacy PublicAPI route for resending email verification links return distinguishable responses depending on whether the provided username exists and has an unverified email. This allows an unauthenticated attacker to enumerate valid usernames by observing different...
CVE-2025-34298
Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...
CVE-2025-34298
Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...
CVE-2025-34298 Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation
Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...
PT-2025-44525
Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R1.3.2 Description Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation issue in the account email-change workflow. A user can set their email to an invalid value, and due to...
EUVD-2009-4434
Malware in sbrugna...
IssabelPbx 跨站脚本漏洞
IssabelPbx is an open source Gui graphical user interface from the Issabel Foundation. It is used to control and manage Asterisk Pbx. A cross-site scripting vulnerability exists in IssabelPbx version 5.0.0, which stems from insufficient validation of user input for the email parameter in index.ph...
Password Reset Allows For User Email Enumeration
Description The password reset function at the login page responds to valid and invalid emails in the application. Submitting an invalid email result in "The e-mail address is not assigned to any user account." A valid response results in a message stating an email has been sent. Proof of Concept...
that-value 安全漏洞
that-value is a multilingual platform validator package by the individual developer Paweł Stefański, Poland. A Regular Expression Denial of Service ReDOS vulnerability exists in that-value version v0.1.3, which can be exploited by an attacker to cause a denial of service when validating a crafted...
ReDos vulnerability on guest checkout email validation
Impact Denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like a.a.. Before the patch, it can be reproduced in the console like this: ruby irbmain...
CVE-2020-14230
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1...
Regular Expression Denial of Service (ReDoS)
Overview @absolunet/kafe is a Javascript utility library. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. It allows cause a denial of service when validating crafted invalid emails. Details Denial of Service DoS describes a family of attacks, all...
HackerOne: Account creation with invalid email addresses / email is accepting % and %0d%0a line termination chars
An account creation vulnerability was found where invalid email addresses containing '%' and '%0d%0a' line termination characters were accepted, allowing multiple unverified accounts to be created...
CVE-2018-20880
cPanel before 74.0.8 mishandles account suspension because of an invalid emailaccounts.json file SEC-445...
Liberapay: REGISTRATION USING FAKE EMAIL ACCOUNT
Go to page https://liberapay.com/sign-up 2. Input email address I tried to register with some email address [email protected] [email protected] [email protected] [email protected] [email protected] 3. Select the currency you want to use 4. click "GO" button 5. Will automatically enter into account without going through the process of verification email...
PHP Scripts Mall PHP Multivendor Ecommerce Arbitrary Registration URL Vulnerability
PHP Multivendor Ecommerce is a shopping cart software from PHP Scripts Mall built on the PHP platform that allows sellers to easily customize and sell their products. An arbitrary registration URL vulnerability exists in PHP Scripts Mall PHP Multivendor Ecommerce. A remote attacker can exploit th...
CVE-2017-17952
PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address...
CVE-2017-17952
PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address...
PHP Scripts Mall Professional Service Script Predictable Registration URL Vulnerability
Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A predictable registration URL vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker could exploit this vulnerability to register with an invali...
Multiple KYOCERA mobile devices may reboot during email reception
Overview Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will...