CVE-2013-1814

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response...

Apache Rave 0.20 User Information Disclosure

Apache Rave version 0.20 proof of concept user information disclosure exploit that leverages a flaw from 2013. ============================================================================================================================================= | Title : Apache Rave 0.20 Disclosure of use...

blit-server (>=0.20.0 <=0.28.3), gridvid (>=0.1.0 <=0.3.0) +7 more potentially affected by CVE-2025-27091 via openh264-sys2 (>=0.1.17 <=0.7.1)

openh264-sys2 CARGO version =0.1.17, =0.20.0, =0.1.0, =0.1.9, =0.1.33, =0.2.0, =0.1.0, =0.4.0, =0.5.5 Source cves: CVE-2025-27091 Source advisory: OSV:RUSTSEC-2025-0008...

Apache Rave User Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Rave User Information Disclosure', 'Description' = %q This module exploits an information disclosure in Apache Rave 0.20 and prior. The...

GHSA-428J-Q447-47RW Apache Rave information disclosure vulnerability

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response...

Apache Rave information disclosure vulnerability

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response...

Yahoo Messenger 5.5 - Remote Exploit (DSR-ducky.c)

No description provided by source. / --- Remote yahoo Messenger V5.5 exploiter on Windows XP --- Dtors Security Research DSR Code by: Rave The buffer looks like this |-----| Fillup x offsetJMP 0x3EIPNOPSSHELLCODE ^^ / include windows.h include stdio.h include stdlib.h include string.h include...

Apache Rave 0.11 - 0.20 - User Information Disclosure

No description provided by source. CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This...

Rave Creations/UHM (artists.asp) SQL Injection Vulnerability

No description provided by source...

Apache Rave User Information Disclosure

This module exploits an information disclosure in Apache Rave 0.20 and prior. The vulnerability exists in the RPC API, which allows any authenticated user to disclose information about all the users, including their password hashes. In order to authenticate, the user can provide his own...

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

CVE-2013-1814

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response...

Design/Logic Flaw

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response...

CVE-2013-1814

CVE-2013-1814 (Apache Rave) affects Apache Rave 0.11–0.20. The vulnerability lies in the User RPC API (users/get): remote authenticated users can disclose sensitive data for all user accounts via the offset parameter, including password hashes. Public references corroborate an information disclos...

CVE-2013-1814

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response...

Apache Rave Version Detection

Detection of Apache Rave. The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Apache Rave User Information Disclosure Vulnerability

Apache Rave is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:rave";...

Apache Rave 0.11 - 0.20 - User Information Disclosure Vulnerability

Exploit for multiple platform in category web applications CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via...

Apache Rave 0.11 0.20 - User Information Disclosure

Apache Rave 0.11 0.20 - User Information Disclosure CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the Us...

Apache Rave 0.11 &lt; 0.20 - User Information Disclosure

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...