Lucene search
K

18 matches found

Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.15 views

PT-2026-42810

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.4 Description An unauthenticated SQL injection exists in the Bazar form-import functionality. An unauthenticated visitor can inject arbitrary SQL into an INSERT statement via the FormManager::create function. This...

9.8CVSS6AI score0.0004EPSS
Exploits0References7
OSV
OSV
added 2026/01/28 6:16 p.m.6 views

CVE-2020-36968

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...

6.5CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-18709

Malware in sbrugna...

4.9CVSS4.7AI score0.00963EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-45772

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00587EPSS
Exploits0References3
Huntr
Huntr
added 2023/08/16 9:41 a.m.19 views

Insufficient access control in the export functionality for the 'Groups' module exposing user password hashes

Description The web application incorrectly returns sensitive data to authenticated lower privileged users when making requests to export data from the 'Groups' module. This includes information such as the user's email address, password hash and whether two-factor authentication is configured...

4CVSS6.7AI score0.00562EPSS
Exploits1
NVD
NVD
added 2023/07/21 9:15 p.m.28 views

CVE-2023-37916

KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user including admin. A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users...

7.5CVSS6.6AI score0.00681EPSS
Exploits1References1
OSV
OSV
added 2022/05/02 6:18 a.m.13 views

GHSA-CGR9-H9QQ-X9FX TYPO3 Authentication Bypass via Salted user password hashes extension

Withdrawn: typo3/cms-saltedpasswords is not the correct package. See: https://github.com/github/advisory-database/pull/3488 The TYPO3 Security - Salted user password hashes t3secsaltedpw extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors...

7.5CVSS7AI score0.01483EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2021/09/02 12:0 a.m.22 views

Meow Gallery < 4.1.9 - Contributor+ SQL Injection

The plugin does not sanitise, validate or escape the ids attribute of its gallery shortcode available for users as low as Contributor before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that...

8.1CVSS1.7AI score0.01131EPSS
Exploits2Affected Software1
Prion
Prion
added 2017/10/03 1:29 a.m.21 views

Information disclosure

Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process...

2.1CVSS5.3AI score0.00338EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2016/11/09 12:0 a.m.2 views

Grimbb hash disclosure vulnerability

Grimbb is an open source PHP-based flat file electronic publishing version of the system . Grimbb version 1.3 has a hash information leakage vulnerability, the vulnerability stems from unauthorized access to the system's configuration file to store user information, an attacker can use this...

6.8AI score
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

SebracCMS <= 0.4 - Multiple SQL Injection Vulnerabilities

No description provided by source. Name: SebracCMS Webiste: http://www.sebrac.netsons.org/cms/ Vulnerability type: SQL Injection Author: shinmai, 2008-06-28 Description: SebracCMS contains two major SQL injection vulnerabilities: Unsanitazed POST-variables in SQL queries when logging users in. Th...

7.1AI score
Exploits0
CVE
CVE
added 2010/03/19 6:35 p.m.47 views

CVE-2010-1022

The CVE-2010-1022 entry affects the TYPO3 extension t3sec_saltedpw before 0.2.13, allowing remote attackers to bypass authentication via unspecified vectors. The root cause is not detailed in the provided documents, but the vulnerability score is CVSSv2 base 7.5 (HIGH). Remediation: upgrade to ve...

7.5CVSS7.3AI score0.01483EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2006/04/28 12:0 a.m.28 views

confixx_exploit.pl.txt

sry - i know this isn't a cvs repository here - but the code posted yesterday was written after some 'b33r' an i made it looking a little less drunk this morning. bye defa ----BOF---- !/usr/bin/perl exploit for confixx professional = 3.1.2 the vulerability was discovered by: LoK Crew references:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/03/02 12:0 a.m.116 views

PHP Advanced Transfer Manager Download users password hashes

PHP Advanced Transfer Manager Download users password hashes PHP Advanced Transfer Manager 1. Site:http://phpatm.free.fr/ ---------------------------------------------------- Bugs: http://victim.com/path/users/username ---------------------------------------------------- example:...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2004/09/07 12:0 a.m.27 views

SAFE TEAM Regulus 2.2 - Staffile Information Disclosure

source: https://www.securityfocus.com/bid/11132/info SAFE TEAM Regulus is reported prone to an information disclosure vulnerability. It is reported that any user may make a request for the Regulus 'staffile' file hosted on a target server. This file contains a list of Regulus 'staff' users and...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/07/24 12:0 a.m.18 views

e107 db.php User Database Disclosure

The version of e107 installed on the remote host is affected by an information disclosure vulnerability because of a flaw in the 'admin/db.php' script. This can allow an unauthenticated, remote attacker to obtain a dump of the SQL database used by e107, by sending a specially crafted request. An...

6AI score
Exploits0References3
securityvulns
securityvulns
added 2003/07/10 12:0 a.m.50 views

Information Disclosure Vulnerability in board51, forum51 and news51

================================================ ------------------------------------------------ ------------www.bright-shadows.net------------ ------------------------------------------------ --------------theblacksheep&erik-------------- ------------------------------------------------...

6.6AI score
Exploits0
0day.today
0day.today
added 2003/06/20 12:0 a.m.65 views

phpBB 2.0.5 SQL Injection password disclosure Exploit

Exploit for unknown platform in category web applications ===================================================== phpBB 2.0.5 SQL Injection password disclosure Exploit ===================================================== !/usr/bin/perl -w phpBB password disclosure vuln. - rick patel There is a sql...

7.1AI score
Exploits0
Rows per page
Query Builder