22 matches found
CVE-2020-24008
Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
EUVD-2002-2178
Malware in sbrugna...
EUVD-2023-2374
Malicious code in bioql PyPI...
A Red Teaming Roadmap Towards System-Level Safety
Large Language Model (LLM) safeguards, which implement request refusals, have become a widely adopted mitigation strategy against misuse. At the intersection of adversarial machine learning and AI safety, safeguard red teaming has effectively identified critical vulnerabilities in state-of-the-art...
Linux Distros Unpatched Vulnerability : CVE-2018-15919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 ...
CVE-2024-5689
In addition to detecting when a user was taking a screenshot XXX, a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox 127...
CVE-2023-39343
Sulu is an open-source PHP content management system based on the Symfony framework. The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system and previous versions are not impacted by...
Observable Response Discrepancy on Admin Login
Description Impact The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Impacted by this issue are Sulu installation = 2.5.0 and getMessage; instead the $exception-getMessageKey; References Currently no references...
WPGateway WordPress plugin vulnerability could allow full site takeover
There's been a few WordPress plugin vulnerabilities in the wild recently, and today we have another one to add to the list. Sometimes when word breaks of a WordPress plugin issue, a fix is already available and all you have to do is perform an update. On other occasions, the attack is live and out...
A New Attack Can Unmask Anonymous Users on Any Major Browser
Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack...
Debian DLA-2434-1 : gdm3 security update
It was discovered that there was an issue in the GNOME Display Manager where not detecting any users may make GDM launch initial system setup and thereby permit the creation of new users with sudo capabilities. For Debian 9 'Stretch', this problem has been fixed in version 3.22.3-3+deb9u3. We...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-1170)
The remote host is missing an update for the Huawei EulerOS...
CVE-2018-15919
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration or...
Webmin User and Hostname Detected
Binary data 9525.prm...
FreeBSD : phpmyadmin -- multiple vulnerabilities (ef70b201-645d-11e6-9cdc-6805ca0b3d42)
The phpmyadmin development team reports: Weakness with cookie encryption; Multiple XSS vulnerabilities; Multiple XSS vulnerabilities; PHP code injection; Full path disclosure; SQL injection attack; Local file exposure; Local file exposure through symlinks with UploadDir; Path traversal with SaveDir and...
Detect if user is logged in
Announcement-ID: PMASA-2016-48. Date: 2016-07-24. Summary: Detect if user is logged in. Description: A vulnerability was reported where an attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerabilit...
H.248.1 User Detection
Binary data 8269.prm...