10 matches found
CVE-2024-7010
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...
CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability
Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...
CVE-2022-32425
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time...
Flask-AppBuilder User Enumeration Vulnerability
Flask-AppBuilder is a simple and fast application development framework. A user enumeration vulnerability exists in Flask-AppBuilder which allows an unauthenticated attacker to enumerate existing accounts by timing the server's response at login...
Information Disclosure
ezsystems/ezplatform-rest is vulnerable to information disclosure. The /user/sessions endpoint allows an attacker to discover valid accounts by analyzing the server response time...
Information Disclosure
typo3/cms-core is vulnerable to information disclosure. A remote attacker is able to discover valid email addresses via the password reset function by analyzing the server response time upon submitting the password reset form with an arbitrary email address...
Timing Attack
github.com/youtube/vitess is vulnerable to timing attack. The use of an insecure String comparison function bytes.Compare in vitess/go/mysql/authserverstatic.go allows a remote attacker to discover users' plaintext passwords by analyzing response time from the server. The attacker will require th...
Timing Attack
github.com/pivotal-cf/on-demand-services-sdk is vulnerable to timing attack. This is due to an insecure method of verifying credentials which would allow remote attackers to make multiple authentication requests to the server and discover valid credentials by analyzing the server response time and...
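The two defects the entries above describe, as an added example that is not code from any of the listed projects: a login that answers immediately for unknown users and compares the stored password with a short-circuiting byte loop (the bytes.Compare pattern named in the vitess entry), beside a version that does the same work on every path and compares with crypto/subtle. The user store, the credentials, the dummy password and the attacker routine are all constructed for this example; the work counters stand in for a stopwatch, because what an attacker actually measures is the latency of the work the server skipped. SHA-256 is used only to give both sides a fixed length before the constant-time comparison; a real store holds a salted, slow password hash.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Constructed static credential store for the example (plaintext, as a
// "static" auth server or basic-auth config often keeps it).
var users = map[string][]byte{
	"alice": []byte("s3cret!!"),
}

// Stand-in secret for the safe path when the user does not exist, so that
// unknown and known users cost the same. Constructed for the example.
var dummyPassword = []byte("not-a-real-password")

// Work records how much the server did before answering. The attacker cannot
// read these counters directly but observes them as response time.
type Work struct {
	Hashes        int // password hashes computed
	BytesCompared int // bytes examined before the comparison was decided
}

// leakyCompare mimics a short-circuiting comparison such as bytes.Compare or
// bytes.Equal: it stops at the first differing byte, so the work done grows
// with the length of the prefix the guess shares with the secret.
func leakyCompare(a, b []byte, w *Work) bool {
	if len(a) != len(b) {
		return false // the fastest answer of all: leaks the secret's length
	}
	for i := range a {
		w.BytesCompared++
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

// LoginLeaky has both defects: it returns before doing any password work for
// unknown users (username enumeration) and compares with leakyCompare
// (byte-by-byte password recovery).
func LoginLeaky(user, pass string) (bool, Work) {
	var w Work
	stored, ok := users[user]
	if !ok {
		return false, w
	}
	return leakyCompare([]byte(pass), stored, &w), w
}

// LoginSafe does identical work on every path: both sides are hashed to a
// fixed length (subtle.ConstantTimeCompare returns early when lengths differ),
// the constant-time comparison always runs, and the "user exists" bit is
// folded in with a bitwise AND rather than a branch on the result.
func LoginSafe(user, pass string) (bool, Work) {
	var w Work
	stored, known := users[user]
	exists := 1
	if !known {
		stored, exists = dummyPassword, 0
	}
	w.Hashes += 2
	a := sha256.Sum256([]byte(pass))
	b := sha256.Sum256(stored)
	w.BytesCompared += len(a)
	return subtle.ConstantTimeCompare(a[:], b[:])&exists == 1, w
}

// RecoverPassword plays the attacker: for each position it tries every byte
// and keeps the one that made the server do the most work (in practice, the
// slowest response), stopping as soon as a login succeeds. The length is
// passed in; against LoginLeaky it can be found the same way, since a wrong
// length gives the quickest answer.
func RecoverPassword(login func(string, string) (bool, Work), user string, length int) string {
	guess := make([]byte, length)
	for pos := 0; pos < length; pos++ {
		best, bestWork := byte(0), -1
		for b := 0; b < 256; b++ {
			guess[pos] = byte(b)
			ok, w := login(user, string(guess))
			if ok {
				return string(guess)
			}
			if w.BytesCompared > bestWork {
				best, bestWork = byte(b), w.BytesCompared
			}
		}
		guess[pos] = best
	}
	return string(guess)
}

func main() {
	_, unknown := LoginLeaky("mallory", "s3cret!!")
	_, known := LoginLeaky("alice", "wrong!!!")
	fmt.Printf("leaky: unknown user %+v, known user %+v\n", unknown, known)
	fmt.Printf("leaky: recovered %q\n", RecoverPassword(LoginLeaky, "alice", 8))
	fmt.Printf("safe:  recovered %q\n", RecoverPassword(LoginSafe, "alice", 8))
}
```

Against LoginLeaky the work counter climbs by one for every correct prefix byte and the whole password falls out position by position; against LoginSafe every call costs two hashes and a 32-byte comparison whatever the input, so the attacker has nothing to rank. Hashing both sides before ConstantTimeCompare matters: the function itself leaks a length mismatch, which is exactly the first bit the attacker would otherwise learn.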
Mail.ru: [townwars.mail.ru] Time-Based SQL Injection
Good afternoon. The POST parameters "c" and "m" (the controller and method names, respectively) are vulnerable to SQL Injection. There is no direct output on the page, but data can be retrieved by watching the server's response delay: if the query returns false, the server responds quickly; if the quer...
MyBulletinBoard (MyBB) <= 1.2.3 - Remote Code Execution Exploit
No description provided by source. #!/usr/bin/php <?php error_reporting(E_ALL ^ E_NOTICE); http://www.milw0rm.com/exploits/2012 They did not correct all of the many SQL requests which use the ipaddress with $db->escape_string. They did not correct the function; this is a choice ... the bad one, and they forgot to...