19 matches found
CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
CVE-2024-5657
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...
ALSA-2024:3754 Important: ipa security update
AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service...
RHEL 7 : ipa (RHSA-2024:3760)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3760 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based...
CVE-2022-3090
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...
GHSA-52J9-V3JC-9XGC Tryton allows users to read the hashed password
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...
CVE-2021-45841
In Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users disabled by default can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest...
CVE-2022-24784 Discoverability of user password hash in Statamic CMS
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...
Insecure Encryption
showdoc/showdoc has insecure encryption. The vulnerability exists due to a hardcoded salt in its user password hash function...
Default credentials
EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters...
openSUSE Security Update : GNU Health and it's dependencies (openSUSE-2017-6)
This update provides version 3.0.5 of GNU Health including several fixes and improvements. - Update to ICD10 version 2016. - Fix error when printing prescription using review dates. - Fix error on summary report when no date of birth is assigned to the person. Additionally the following...
PHP Advanced Transfer Manager 1.30 Remote Unauthorized Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15237/info PHP Advanced Transfer Manager can allow remote attackers to gain unauthorized access. Access to sensitive files containing authentication credentials is not restricted, therefore an attacker can simply issue a...
Kemana Directory 1.5.6 kemana_admin_passwd Cookie User Password Hash Disclosure
Summary Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easily with Kemana. Unique Kemana's features including: CMS engine based on our qEngine, multiple directories support, user friendly administration control panel, easy to use custom fields,...
phpWebSite 0.10.0 - module SQL Injection
phpWebSite 0.10.0 - module SQL Injection !/usr/bin/perl use LWP::Simple; $serv = $ARGV0; $path = $ARGV1; $name = $ARGV2; sub usage print "\nUsage: $0 server path username \n"; print "sever - URL\n"; print "path - path to index.php\n"; print "username - name register user\n\n"; exit ; sub work pri...
[Full-disclosure] Advisory 06/2005: Geeklog SQL Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Geeklog SQL Injection Vulnerability Release Date: 2005/07/05 Last Modified: 2005/07/05 Author: Stefan Esser [email protected] Application: Geeklog = 1.3.11 Severity: An...
Phorum 5.0.x - FOLLOW.php SQL Injection
Phorum 5.0.x - FOLLOW.php SQL Injection source: https://www.securityfocus.com/bid/11660/info Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input. This issue allows remote attackers t...
[Hat-Squad] phpBB search_id injection exploit
Hello list, Here is the exploit code for phpbb 2.06 sql injection described in http://www.securityfocus.com/archive/1/345872 . It will return MD5 password hash of specified user as highlight variable for viewtopic.php in search results page...
[Full-Disclosure] VieNuke VieBoard SQL Injection Vulnerability... again
--- http://www.securityfocus.com/bid/8967/info/ ... Solution: VieNuke has released a patch: http://www.vienuke.com/VieBoardPatch.zip ... --- http://www.securityfocus.com/bid/8967/solution/ ... VieNuke VieBoard 2.6 Beta 1: VieNuke Patch VieBoardPatch.zip http://www.vienuke.com/VieBoardPatch.zip...
phpBB 2.0.5 SQL Injection password disclosure Exploit
No description provided by source. !/usr/bin/perl -w phpBB password disclosure vuln. - rick patel There is a sql injection vuln which exists in /viewtopic.php file. The variable is $topicid which gets passed directly to sql server in query. Attacker could pass a special sql string which can used ...