
19 matches found

Cvelist
added 2025/07/25 12:0 a.m., 24 views

CVE-2025-30086

CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...

0.00607 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/05/23 6:25 a.m., 8 views

CVE-2024-5657

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...

8.1 CVSS, 6.9 AI score, 0.00832 EPSS
Exploits: 1, References: 1

OSV
added 2024/06/10 12:0 a.m., 16 views

ALSA-2024:3754 Important: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service...

8.8 CVSS, 8.5 AI score, 0.02053 EPSS
Exploits: 1, References: 6

Tenable Nessus
added 2024/06/10 12:0 a.m., 24 views

RHEL 7 : ipa (RHSA-2024:3760)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3760 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based...

8.1 CVSS, 7.7 AI score, 0.02053 EPSS
Exploits: 1, References: 4

NVD
added 2022/11/17 10:15 p.m., 15 views

CVE-2022-3090

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...

7.5 CVSS, 0.00609 EPSS
Exploits: 0, References: 1

OSV
added 2022/05/17 3:49 a.m., 4 views

GHSA-52J9-V3JC-9XGC Tryton allows users to read the hashed password

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...

6 CVSS, 5 AI score, 0.01587 EPSS
Exploits: 0, References: 9

Cvelist
added 2022/04/25 12:0 a.m., 36 views

CVE-2021-45841

In Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users disabled by default can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest...

9.2 AI score, 0.08057 EPSS
Exploits: 4, References: 2

Cvelist
added 2022/03/25 9:40 p.m., 19 views

CVE-2022-24784 Discoverability of user password hash in Statamic CMS

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...

3.7 CVSS, 4.6 AI score, 0.00994 EPSS
Exploits: 0, References: 3

Veracode
added 2021/09/02 1:49 p.m., 23 views

Insecure Encryption

showdoc/showdoc has insecure encryption. The vulnerability exists due to a hardcoded salt in its user password hash function...

4.9 CVSS, 1.5 AI score, 0.0046 EPSS
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2019/07/28 4:15 p.m., 16 views

Default credentials

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters...

4 CVSS, 8.5 AI score, 0.01263 EPSS
Exploits: 1, References: 1, Affected Software: 1

Tenable Nessus
added 2017/01/03 12:0 a.m., 42 views

openSUSE Security Update : GNU Health and it's dependencies (openSUSE-2017-6)

This update provides version 3.0.5 of GNU Health including several fixes and improvements. - Update to ICD10 version 2016. - Fix error when printing prescription using review dates. - Fix error on summary report when no date of birth is assigned to the person. Additionally the following...

5.3 CVSS, 5.3 AI score, 0.01819 EPSS
Exploits: 0, References: 5

seebug.org
added 2014/07/01 12:0 a.m., 14 views

PHP Advanced Transfer Manager 1.30 Remote Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15237/info PHP Advanced Transfer Manager can allow remote attackers to gain unauthorized access. Access to sensitive files containing authentication credentials is not restricted, therefore an attacker can simply issue a...

7.1 AI score
Exploits: 0

Zero Science Lab
added 2014/03/25 12:0 a.m., 26 views

Kemana Directory 1.5.6 kemana_admin_passwd Cookie User Password Hash Disclosure

Summary Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easily with Kemana. Unique Kemana's features including: CMS engine based on our qEngine, multiple directories support, user friendly administration control panel, easy to use custom fields,...

5.8 AI score
Exploits: 0

exploitpack
added 2005/09/15 12:0 a.m., 11 views

phpWebSite 0.10.0 - module SQL Injection

phpWebSite 0.10.0 - module SQL Injection !/usr/bin/perl use LWP::Simple; $serv = $ARGV0; $path = $ARGV1; $name = $ARGV2; sub usage print "\nUsage: $0 server path username \n"; print "sever - URL\n"; print "path - path to index.php\n"; print "username - name register user\n\n"; exit ; sub work pri...

8.6 AI score
Exploits: 0

securityvulns
added 2005/07/05 12:0 a.m., 47 views

[Full-disclosure] Advisory 06/2005: Geeklog SQL Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Geeklog SQL Injection Vulnerability Release Date: 2005/07/05 Last Modified: 2005/07/05 Author: Stefan Esser [email protected] Application: Geeklog = 1.3.11 Severity: An...

0.9 AI score
Exploits: 0

exploitpack
added 2004/11/11 12:0 a.m., 10 views

Phorum 5.0.x - FOLLOW.php SQL Injection

Phorum 5.0.x - FOLLOW.php SQL Injection source: https://www.securityfocus.com/bid/11660/info Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input. This issue allows remote attackers t...

0.2 AI score
Exploits: 0

securityvulns
added 2003/11/29 12:0 a.m., 39 views

[Hat-Squad] phpBB search_id injection exploit

Hello list, Here is the exploit code for phpbb 2.06 sql injection described in http://www.securityfocus.com/archive/1/345872 . It will return MD5 password hash of specified user as highlight variable for viewtopic.php in search results page...

0.7 AI score
Exploits: 0

securityvulns
added 2003/11/25 12:0 a.m., 28 views

[Full-Disclosure] VieNuke VieBoard SQL Injection Vulnerability... again

--- http://www.securityfocus.com/bid/8967/info/ ... Solution: VieNuke has released a patch: http://www.vienuke.com/VieBoardPatch.zip ... --- http://www.securityfocus.com/bid/8967/solution/ ... VieNuke VieBoard 2.6 Beta 1: VieNuke Patch VieBoardPatch.zip http://www.vienuke.com/VieBoardPatch.zip...

0.9 AI score
Exploits: 0

seebug.org
added 2003/06/20 12:0 a.m., 24 views

phpBB 2.0.5 SQL Injection password disclosure Exploit

No description provided by source. !/usr/bin/perl -w phpBB password disclosure vuln. - rick patel There is a sql injection vuln which exists in /viewtopic.php file. The variable is $topicid which gets passed directly to sql server in query. Attacker could pass a special sql string which can used ...

7.1 AI score
Exploits: 0