Exploit for Authentication Bypass by Primary Weakness in Crushftp
CVE-2025-31161 - CrushFTP Authentication Bypass Exploit This...
CVE-2025-27929
Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts...
CVE-2025-27929
CVE-2025-27929 affects Growatt Cloud Applications. The connected sources confirm an unauthenticated attacker can retrieve the full list of users associated with arbitrary accounts, implying a potential authorization/identity exposure vulnerability. Public details specifically mention Growatt Clou...
CVE-2021-32587
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADO...
Cockpit CMS NoSQLi to RCE
This module exploits two NoSQLi vulnerabilities to retrieve the user list and password reset tokens from the system. Next, the USER is targeted to reset their password. Then a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it...
Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities
The version of Simple PHP Blog installed on the remote host allows authenticated attackers to upload files containing arbitrary code to be executed with the privileges of the web server userid. In addition, it likely lets anyone retrieve its configuration file as well as the user list and to dele...
Cleartext password access via SNMP in Nortel CVX
It's possible to retrieve the users list with passwords via the default community public...