8 matches found

Vulnrichment
added 2025/01/02 4:08 p.m., 9 views

CVE-2024-11717

Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means that during the token expiration time an on-path attacker might reuse such a token to...

CVSS 6.3, AI score 7.2, EPSS 0.00383
Exploits: 0, References: 5
Veracode
added 2024/05/17 2:30 p.m., 10 views

Weak Entropy In Token Generation

friendsofsymfony/user-bundle is vulnerable to Weak Entropy in Token Generation. The vulnerability is due to the imprecise nature of the base_convert function used in FOSUserBundle, which allows attackers to exploit the weakened randomness of tokens generated for email confirmation and password...

AI score 7.2
Exploits: 0
Github Security Blog
added 2024/05/15 9:42 p.m., 12 views

FOSUserBundle Entropy is lost in the TokenGenerator

Description: Because of the usage of base_convert, which loses precision for large inputs, the entropy of tokens generated by FOSUserBundle for email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically...

AI score 7.2
Exploits: 0, References: 4, Affected Software: 1
Huntr
added 2023/09/24 3:18 p.m., 33 views

Session is not expiring after password resetting

Description: Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs; in this case the session is not expired after the password change. Proof of Concept: 1. Open http://localhost:8188/studio/profile in 2 browsers (I use Firefox a...

AI score 7, EPSS 0.00044
Exploits: 1, References: 1
Veracode
added 2021/09/02 6:48 a.m., 23 views

Malicious Password Resetting

laravel/laravel is vulnerable to malicious password resetting. The vulnerability exists because an attacker who knows the target's e-mail address can send proxy password reset requests through a running Akaunting instance...

CVSS 8.1, AI score 3.3, EPSS 0.00325
Exploits: 1, References: 7, Affected Software: 1
Japan Vulnerability Notes
added 2018/10/12 12:00 a.m., 516 views

JVN#49995005: OpenAM (Open Source Edition) vulnerable to session management

OpenAM Open Source Edition contains a vulnerability in session management. Impact: A user who can log in to the product may change the security questions and reset the login password. Solution: Apply the patch. A patch for this vulnerability has been released by the OpenAM Consortium. Apply the patch...

CVSS 7.5, AI score 7.6, EPSS 0.00248
Exploits: 0
exploitpack
added 2013/06/07 12:00 a.m., 95 views

PHP Ticket System Beta 1 - Cross-Site Request Forgery

+ Exploit Title : php ticket system csrf
+ Author : Pablo '7days' Riberio
+ Team : So Good Security
+ Other 0days : http://pastebin.com/u/7days
+ Version : = BETA 1
+ Tested on : windows/internet explorer
+ Details : ...

AI score 0.2
Exploits: 0
Packet Storm
added 2005/04/17 12:00 a.m., 23 views

linksys-WET11_pass-reset.txt

Analysis: Cisco's Linksys WET11 ethernet bridge product is vulnerable to password resetting based on GET fields in a URL directed at the device. The change password utility provided on the device uses GET to send an obfuscated password as the argumen...

AI score 7.4
Exploits: 0