
17 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-27293

Malware in sbrugna...

9.8 CVSS, 9.4 AI score, 0.00717 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2014-2253

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00645 EPSS
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-0405

Malware in sbrugna...

4.3 CVSS, 4.4 AI score, 0.00292 EPSS
Exploits: 0, References: 9
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-2111

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00396 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-22023

Malicious code in bioql PyPI...

9 CVSS, 6.6 AI score, 0.01477 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2025/05/28 5:38 p.m., 15 views

Mautic allows user name enumeration due to response time difference on password reset form

Summary: This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...

5.3 CVSS, 7 AI score, 0.00242 EPSS
Exploits: 0, References: 3, Affected Software: 1
RedhatCVE
added 2025/02/14 6:23 p.m., 4 views

CVE-2025-25198

mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...

8.8 CVSS, 6.9 AI score, 0.05808 EPSS
Exploits: 4, References: 1
RedhatCVE
added 2025/02/05 2:46 p.m., 5 views

CVE-2020-6140

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...

9.8 CVSS, 8 AI score, 0.00717 EPSS
Exploits: 1, References: 1
Hacker One
added 2024/06/03 5:42 p.m., 2 views

LinkedIn: Can see phone numbers of others by providing mail address

The vulnerability allowed an attacker to view a user's phone number by abusing the password reset functionality. The phone number was exposed in the input field after verifying the user's email address...

7 AI score
Exploits: 0
OSV
added 2024/02/20 7:26 p.m., 8 views

GHSA-W3Q8-M492-4PWP Possibility to circumvent the invitation token expiry period

Impact: The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the devise_invitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

5.7 CVSS, 6.5 AI score, 0.00584 EPSS
Exploits: 0, References: 11
Vulnrichment
added 2023/10/30 11:53 p.m., 12 views

CVE-2023-46138 JumpServer default admin user email leak password reset

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

3.7 CVSS, 7 AI score, 0.00041 EPSS
Exploits: 0, References: 2
NVD
added 2023/09/13 3:15 a.m., 7 views

CVE-2023-4915

The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function in the WP User Control Widget. The functi...

5.3 CVSS, 5.3 AI score, 0.00135 EPSS
Exploits: 0, References: 2
NVD
added 2023/02/13 9:15 p.m., 12 views

CVE-2023-25161

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1, 24.0.8, and 23.0.12 are missing rate limiting on password reset functionality. This could result in service slowdown, storage...

5.3 CVSS, 4.9 AI score, 0.00324 EPSS
Exploits: 0, References: 3
Prion
added 2020/05/13 11:15 p.m., 11 views

Default credentials

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

4.3 CVSS, 4.5 AI score, 0.00292 EPSS
Exploits: 0, References: 1, Affected Software: 1
OpenVAS
added 2019/12/19 12:0 a.m., 36 views

Ubuntu: Security Advisory (USN-4224-1)

The remote host is missing an update for the...

9.8 CVSS, 9.6 AI score, 0.15418 EPSS
Exploits: 7, References: 2
htbridge
added 2010/10/21 12:0 a.m., 30 views

Multiple Vulnerabilities in SweetRice CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SweetRice CMS which could be exploited to perform cross-site scripting and SQL injection attacks and change administrators password. 1) Cross-site scripting (XSS) vulnerability in SweetRice CMS: The vulnerability...

7.5 CVSS, 7.8 AI score
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2005/09/23 12:0 a.m., 30 views

Movable Type < 3.2 Multiple Vulnerabilities

The version of Movable Type installed on the remote host is affected by multiple vulnerabilities : - The application allows an attacker to enumerate valid usernames because its password reset functionality returns different errors depending on whether the supplied username exists. CVE-2005-3101 -...

5 CVSS, 5.8 AI score, 0.0056 EPSS
Exploits: 0, References: 5