79 matches found
LiquidFiles < 4.2 - User Enumeration via Password Reset
LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...
CVE-2026-12673
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...
CVE-2026-12673
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...
CVE-2026-12673
Summary: Liquidfiles before 4.2.12 has a broken access control vulnerability that allows privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in the managed secondary (non-default) group. Affected product/version: Liquidfiles
EUVD-2026-38111
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...
VulnCheck KEV: CVE-2025-56132
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...
CVE-2023-4393
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization...
EUVD-2021-17077
Malware in sbrugna...
EUVD-2020-21454
Malware in sbrugna...
EUVD-2020-21453
Malware in sbrugna...
Exploit for CVE-2025-56132
CVE-2025-56132 - LiquidFiles User Enumeration POC Vulnerab...
EUVD-2023-54257
Malicious code in bioql PyPI...
EUVD-2025-23554
Malicious code in bioql PyPI...
EUVD-2025-23563
Malicious code in bioql PyPI...
EUVD-2025-31771
Malicious code in bioql PyPI...
CVE-2025-56132
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...
CVE-2025-56132
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...
CVE-2025-56132
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...
Liquidfiles 安全漏洞
Liquidfiles is a storage service for large, secure file transfers and sharing for companies and organizations from US-based Liquidfiles, Inc. A security vulnerability exists in Liquidfiles versions prior to 4.2, which stems from the password reset feature returning distinguishable responses that...
CVE-2025-56132
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...