CVE-2024-13060

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...

dotProject 0.2.1 - User Cookie Authentication Bypass

source: https://www.securityfocus.com/bid/5347/info dotproject is prone to an issue which may allow remote attackers to bypass authentication and gain administrative access to the software. This may be accomplished by submitting a maliciously crafted 'usercookie' value either manually or via...