8 matches found
CVE-2024-24769 Vantage6: No limit on emails sent for password/MFA reset
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a l...
Vantage6: No limit on emails sent for password/MFA reset
Impact Users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam...
GHSA-5549-C5Q7-FJ65 Vantage6: No limit on emails sent for password/MFA reset
Impact Users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam...
The vulnerability of the “password reset” function in the CircuitVerse software for digital logic circuit design and simulation allows a hacker to send an unlimited number of emails to any email address using the “password reset” email address.
The vulnerability of the “password reset” function in the CircuitVerse software for digital logic circuit design and simulation arises from a situation where there is a race between different contexts. Exploiting this vulnerability allows an attacker to send an unlimited number of emails to any...
PT-2022-4432 · Unknown · Circuitverse
Name of the Vulnerable Software and Affected Versions: CircuitVerse affected versions not specified Description: The issue is related to a race condition in the password recovery function of CircuitVerse, a digital logic circuit development and simulation tool. This could allow a remote attacker ...
Microweber 授权问题漏洞
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An email bombing vulnerability exists in versions of Microweber prior to 1.3. The vulnerability stems from a failure to ra...
in khodakhah/nodcms
Description There is no rate limit sent unlimited email victim or any email address Proof of Concept There is no rate limit return-password , attacker to send unlimited email to victim or any email address. POST /en/return-password HTTP/1.1 Host: demo.nodcms.com User-Agent: Mozilla/5.0 Windows NT...
Trello: Sending Unlimited Mails To Anybody With Easy Social Share Buttons Plugin
Hi, I want to talk about your ESSB plugin.When I was doing a research about it I saw that link " http://blog.trello.com/wp-content/plugins/easy-social-share-buttons3/public/essb-mail.php " When you navigate that link it says "message":"Error sending message!" But when you put the right parameters...