205 matches found
Anonymous users can see page restriction data, exposing user ids and group names
If an user navigates to a page that has any kind of individual "editing" restriction but is of public view and then clicks on the padlock icon, he or she will see the Names, Uids of the users who are mentioned in the "edit" restriction or any groups part if the restriction. We think it is wrong t...
Anonymous users can see page restriction data, exposing user ids and group names
If an user navigates to a page that has any kind of individual "editing" restriction but is of public view and then clicks on the padlock icon, he or she will see the Names, Uids of the users who are mentioned in the "edit" restriction or any groups part if the restriction. We think it is wrong t...
Anonymous users can see page restriction data, exposing user ids and group names
If an user navigates to a page that has any kind of individual "editing" restriction but is of public view and then clicks on the padlock icon, he or she will see the Names, Uids of the users who are mentioned in the "edit" restriction or any groups part if the restriction. We think it is wrong t...
Anonymous leaks database from Israeli Musical Act Magazine site #OpIsrael
This Morning Anonymous member with twitter handle @OsamaTheGod leaked a huge database from server of Israeli Musical Act Magazine act.co.il. The leaked database posted on public note website and includes users ID, username, password in clear text, IP address and phone numbers. Hacker posted data ...
IBM WebSphere MQ File Transfer Edition Web Gateway CSRF
Exploit Author: Nir Valtman Description: Malicious user is able to add userspace, change permissions on existing userspace and add MQMD MQ Message Descriptor user IDs. All of the these vulnerabilities can be exploited using a CSRF Cross Site Request Forgery attack. Few days ago the CVE has been...
US Army's CECOM Data leaked by Hacker
US Army's CECOM Data leaked by Hacker Hacker Black Jester recently published contract information from a Web site connected to the U.S. Army Communications and Electronics Command CECOM. "30 record sets that include names, user IDs, physical addresses, email addresses, telephone numbers, and...
WordPress User IDs and User Names Disclosure
WordPress platforms use a parameter called author SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...
CVE-2011-1717
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information...
Information disclosure
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information...
CVE-2011-1717
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information...
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 7186)
PostgreSQL functions implemented in Perl or TCL shared a global state even across different user user ids. A user could therefore influence functions of other users in an unexpected or even malicious way. CVE-2010-3433 PostgreSQL was updated to version 8.1.22 which fixes the security issue...
Memorial Web Site Script Multiple Arbitrary Delete Vulnerability
Exploit for php platform in category web applications ================================================================ Memorial Web Site Script Multiple Arbitrary Delete Vulnerability ================================================================ Author : Chip D3 Bi0s Email :...
Memory corruption
GnuPG gpg 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."...
DEBIAN-CVE-2008-1530
GnuPG gpg 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."...
CVE-2008-1530
GnuPG gpg 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."...
CVE-2007-2720
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for 1 message.php and 2 messages.php in modules/email/. NOTE: some of these details are obtained from third party information...
Information disclosure
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for 1 message.php and 2 messages.php in modules/email/. NOTE: some of these details are obtained from third party information...
Design/Logic Flaw
Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks...
CVE-2005-4453
UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original 1 pUseruserid and 2 Useruserid parameters to UserProfile.aspx, then modifying the password field...
Synchrologic Email Accelerator User Account Information Disclosure
Synchrologic Email Accelerator is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2003 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...