18 matches found
EUVD-2006-1094
Malware in sbrugna...
EUVD-2006-0892
Malware in sbrugna...
CVE-2023-24688
An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled...
CVE-2023-24688
An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled...
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
The plugin does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role,...
Multilist Subscribe for Sendy <= 1.6.1 - Subscriber+ Arbitrary Options Update
The plugin is using an outdated version of the Freemius library (1.2.2.9), which is known to be affected by a security issue allowing any authenticated user, such as a subscriber, to set arbitrary blog options. As any authenticated user: Enable new user registrations:...
ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component
There is functionality in the plugin to add file uploads to user registrations and profile updates that had no file type checking in place, making it possible for arbitrary files to be uploaded. PoC fh = open'shell.php', 'wb' fh.writeb'\xFF\xD8\xFF\xE0' + b'' fh.close 'Hax0r', 'regemail' =...
CVE-2021-32691
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc.). This includes all app functionality within t...
Information disclosure
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc.). This includes all app functionality within t...
CVE-2021-32691 Auto-merging Person Records Compromised
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc.). This includes all app functionality within t...
Beijing Yilong Information Technology Co., Ltd Yilong Travel Network has a Logic Flaw Vulnerability
Yilong.com Information Technology Beijing Co., Ltd. is an enterprise that operates, researches, develops and produces computer hardware and software. Its eLong Travel Network has a logic flaw vulnerability that can be exploited by attackers to cause arbitrary user registrations and reset arbitra...
CVE-2019-9879
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation...
CVE-2019-9879
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation...
Design/Logic Flaw
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation...
Pligg 9.9.5 'CAPTCHA' Registration Automation Security Bypass Weakness
No description provided by source. source: http://www.securityfocus.com/bid/30518/info Pligg is prone to a security-bypass weakness. Successfully exploiting this issue will allow an attacker to register multiple new users through an automated process. This may lead to other attacks. Pligg 9.9.5 i...
PT-2006-5082 · Jelsoft · Vbulletin
Name of the Vulnerable Software and Affected Versions: Jelsoft vBulletin version 3.5.4 Description: The issue allows remote attackers to register multiple arbitrary users, potentially causing a denial of service due to resource consumption. This can be achieved by sending a large number of reques...
CVE-2006-1090
register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations...
CVE-2006-1090
CVE-2006-1090 concerns PunBB 1.2.10. The vulnerability is described as allowing remote attackers to cause an unspecified denial of service through a flood of new user registrations submitted via register.php. The connected documents confirm PunBB 1.2.10 as the affected version and point to a patc...