Lucene search
K

7 matches found

OSV
OSV
added 2025/06/23 5:41 a.m.3 views

BIT-GHOST-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...

9.1CVSS9.4AI score0.00766EPSS
Exploits1References4
Veracode
Veracode
added 2024/06/18 4:28 a.m.18 views

Authentication Bypass

ghost is vulnerable Authentication Bypass. The vulnerability is caused due to the misuse of multiple X-Forwarded-For headers with different values, which allows remote attackers to bypass the rate-limit protection mechanism. Note that the project recommends a reverse proxy to prevent this...

9.1CVSS7AI score0.00766EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/16 12:0 a.m.14 views

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...

7.3AI score0.00766EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/06/16 12:0 a.m.30 views

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...

0.00766EPSS
Exploits1References3
Huntr
Huntr
added 2022/08/06 6:45 a.m.19 views

Account Takeover [namelessmc.com]

Description: 1. Hello team, while i was testing on https://namelessmc.com/login/ i noticed that there is no ratelimit protection on POST login form, so an attacker can takeover the account by brute forcing the password field Steps to reproduce: 1. 1- go to https://namelessmc.com/login/ 2. 2- Ente...

5CVSS7.8AI score0.01118EPSS
Exploits1
Hacker One
Hacker One
added 2021/05/13 9:59 a.m.84 views

Sifchain: No Rate Limit protection in user subscription form

Summary: Hello I found your form that user can subscribe for any update has no rate limit protection. Step to reproduce 1. Visit http://sifchain.finance and move to subscribe form and enter email 2. click on sign-up button. 3. use burpsuite to intercept the request and send to intruder. 4. Clear...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/08/24 3:32 a.m.17 views

Unikrn: Rate-limit protection get executed in the last stage of the registration process, allowing enumeration of existing account.

Summary: ====== This may be low risk impact but I need to suggest on improvement on your existing rate-limit protection on the registration page, It is an easy workaround and make the current protection more secure. Description: ======== Unikrn increases the registration security by requiring use...

7.1AI score
Exploits0
Rows per page
Query Builder