Lucene search
+L

142 matches found

ptsecurity
ptsecurity
added 2024/03/21 12:0 a.m.11 views

PT-2024-20486 · Cdex · Cdex

Name of the Vulnerable Software and Affected Versions: CDeX application versions through 5.7.1 Description: This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...

8CVSS6.8AI score0.00598EPSS
Exploits0References5
osv
osv
added 2024/02/27 1:15 a.m.4 views

CVE-2024-24720

An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...

5.3CVSS5.8AI score0.0047EPSS
Exploits0References3
nvd
nvd
added 2024/02/27 1:15 a.m.23 views

CVE-2024-24720

An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...

5.3CVSS6.4AI score0.0047EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/02/26 12:0 a.m.11 views

PT-2024-20517 · Innovaphone · Innovaphone Pbx

Name of the Vulnerable Software and Affected Versions: Innovaphone PBX versions prior to 14r1 Description: An issue was discovered in the Forgot password function. It provides information about whether a user exists on a system, and it also provides different responses to incoming requests in a w...

5.3CVSS7.1AI score0.0047EPSS
Exploits0References8
snyk
snyk
added 2024/02/20 3:31 p.m.3 views

Observable Discrepancy

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Observable Discrepancy via the authentication process. An attacker can obtain information about the existence of user accounts by analyzing differences in response...

6.9CVSS6.8AI score0.00527EPSS
Exploits0References2
attackerkb
attackerkb
added 2023/12/21 12:15 a.m.8 views

CVE-2023-41166

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands...

5.3CVSS5.8AI score0.004EPSS
Exploits0References2
osv
osv
added 2023/12/21 12:15 a.m.5 views

CVE-2023-41166

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands...

5.3CVSS5.8AI score0.004EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/08/04 12:0 a.m.7 views

Sulu Security Breach

Sulu is a Symfony framework on an extensible, PHP-based open source content management system from Sulu, Austria. A security vulnerability exists in Sulu that stems from the ability to detect which users username, email exist via the Admin Login form...

4.3CVSS6.8AI score0.00496EPSS
Exploits0References4
github
github
added 2023/04/27 3:30 a.m.14 views

User account enumeration in Serenity

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.3CVSS6.9AI score0.01011EPSS
Exploits1References6Affected Software2
snyk
snyk
added 2023/04/27 3:30 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Remediation...

5.3CVSS6.9AI score0.01011EPSS
Exploits1References2
snyk
snyk
added 2023/04/27 3:30 a.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Remediation...

5.3CVSS6.9AI score0.01011EPSS
Exploits1References2
snyk
snyk
added 2023/04/27 3:30 a.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Remediation...

5.3CVSS6.9AI score0.01011EPSS
Exploits1References2
nvd
nvd
added 2023/04/27 3:15 a.m.26 views

CVE-2023-31286

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.3CVSS5.3AI score0.01011EPSS
Exploits1References4
prion
prion
added 2023/04/27 3:15 a.m.20 views

Cross site request forgery (csrf)

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5CVSS5.2AI score0.01011EPSS
Exploits1References3Affected Software2
osv
osv
added 2023/04/27 12:0 a.m.13 views

CVE-2023-31286

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.3CVSS7.1AI score0.01011EPSS
Exploits1References6
cvelist
cvelist
added 2023/04/27 12:0 a.m.38 views

CVE-2023-31286

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.5AI score0.01011EPSS
Exploits1References3
cve
cve
added 2023/04/27 12:0 a.m.64 views

CVE-2023-31286

Summary: CVE-2023-31286 affects Serenity Serene and StartSharp prior to 6.7.0. The issue arises during password reset requests, where the server response reveals whether a user exists. Specifically, attempting to reset a password for a non-existent user yields an error message indicating that the...

5.3CVSS5.5AI score0.01011EPSS
Exploits1References4Affected Software2
cnnvd
cnnvd
added 2023/03/12 12:0 a.m.7 views

Ez Systems eZ Platform 安全漏洞

Ez Systems eZ Platform is a content management system CMS based on the Symfony framework from Ez Systems, Norway. A security vulnerability exists in Ez Systems eZ Publish Ibexa Kernel versions prior to 7.5.15.1, which stems from misuse of the /user/sessions endpoint to determine if an account...

5.3CVSS5.7AI score0.00507EPSS
Exploits0References3
githubexploit
githubexploit
added 2023/03/09 3:23 p.m.91 views

Exploit for Race Condition in Openbsd Openssh

SSH-User-Enum-Python3-CVE-2018-15473 SSH User Enumerator in P...

5.3CVSS9.3AI score0.98631EPSS
Exploits23
susecve
susecve
added 2023/02/15 6:22 a.m.6 views

SUSE CVE-2001-1483

One-Time Passwords In Everything a.k.a OPIE 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist...

5CVSS9.2AI score0.03671EPSS
Exploits0References3
Rows per page
Query Builder