142 matches found
CVE-2025-23214
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...
CVE-2025-41012
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
EUVD-2025-200225
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
CVE-2025-41015
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
CVE-2025-41012
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
CVE-2025-41012
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
CVE-2025-41012
The CVE-2025-41012 entry describes an unauthorized-access vulnerability in TCMAN GIM v11 (build 20250304) where an unauthenticated attacker can determine if a user exists on the system by sending requests to the PDAWebService ( /WS/PDAWebService.asmx ) using the parameters pda:userId and pda:newP...
TCMAN GIM 信息泄露漏洞
TCMAN GIM is a management system from the Spanish company TCMAN. An information disclosure vulnerability exists in TCMAN GIM version v11 20250304, which originates from an unauthenticated attacker being able to determine if a user exists via the pda:username parameter...
TCMAN GIM 安全漏洞
TCMAN GIM is a management system from the Spanish company TCMAN. A security vulnerability exists in TCMAN GIM version v11 20250304, which originates from unauthorized access and may result in determining the existence of a user...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the login process. An attacker can determine the existence of user accounts by analyzing differences in error messages presented during authentication attempts. Remediation Upgrade ibexa/user to version 5.0.3 or...
ibexa/user login enumerates user accounts
Impact In v5, error messages could provide enough information to tell whether a user exists or not. This is resolved by ensuring the error messages are sufficiently ambigious. Patches See "Patched versions". Workarounds None. Resources...
EUVD-2005-0798
Malware in sbrugna...
EUVD-2022-3451
Malicious code in bioql PyPI...
EUVD-2022-27843
Malicious code in bioql PyPI...
EUVD-2024-49324
Malicious code in bioql PyPI...
EUVD-2024-36383
Malicious code in bioql PyPI...
EUVD-2023-1404
Malicious code in bioql PyPI...
Timing Attack
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Timing Attack via the password encryptor during the login process. An attacker can determine the existence of user accounts by analyzing differences in server...