Lucene search
K

205 matches found

Atlassian
Atlassian
added 2013/02/15 4:53 p.m.20 views

Anonymous users can see page restriction data, exposing user ids and group names

If an user navigates to a page that has any kind of individual "editing" restriction but is of public view and then clicks on the padlock icon, he or she will see the Names, Uids of the users who are mentioned in the "edit" restriction or any groups part if the restriction. We think it is wrong t...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/15 4:53 p.m.19 views

Anonymous users can see page restriction data, exposing user ids and group names

If an user navigates to a page that has any kind of individual "editing" restriction but is of public view and then clicks on the padlock icon, he or she will see the Names, Uids of the users who are mentioned in the "edit" restriction or any groups part if the restriction. We think it is wrong t...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/15 4:53 p.m.17 views

Anonymous users can see page restriction data, exposing user ids and group names

If an user navigates to a page that has any kind of individual "editing" restriction but is of public view and then clicks on the padlock icon, he or she will see the Names, Uids of the users who are mentioned in the "edit" restriction or any groups part if the restriction. We think it is wrong t...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2012/12/16 9:43 p.m.19 views

Anonymous leaks database from Israeli Musical Act Magazine site #OpIsrael

This Morning Anonymous member with twitter handle @OsamaTheGod leaked a huge database from server of Israeli Musical Act Magazine act.co.il. The leaked database posted on public note website and includes users ID, username, password in clear text, IP address and phone numbers. Hacker posted data ...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2012/08/13 12:0 a.m.63 views

IBM WebSphere MQ File Transfer Edition Web Gateway CSRF

Exploit Author: Nir Valtman Description: Malicious user is able to add userspace, change permissions on existing userspace and add MQMD MQ Message Descriptor user IDs. All of the these vulnerabilities can be exploited using a CSRF Cross Site Request Forgery attack. Few days ago the CVE has been...

6.8CVSS0.01085EPSS
Exploits2
The Hacker News
The Hacker News
added 2012/03/22 7:27 p.m.6 views

US Army's CECOM Data leaked by Hacker

US Army's CECOM Data leaked by Hacker Hacker Black Jester recently published contract information from a Web site connected to the U.S. Army Communications and Electronics Command CECOM. "30 record sets that include names, user IDs, physical addresses, email addresses, telephone numbers, and...

6.5AI score
Exploits0
OpenVAS
OpenVAS
added 2011/08/24 12:0 a.m.23 views

WordPress User IDs and User Names Disclosure

WordPress platforms use a parameter called author SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...

7.3AI score
Exploits0References1
NVD
NVD
added 2011/04/18 6:55 p.m.21 views

CVE-2011-1717

Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information...

2.1CVSS6.2AI score0.00292EPSS
Exploits1References4
Prion
Prion
added 2011/04/18 6:55 p.m.16 views

Information disclosure

Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information...

2.1CVSS6.7AI score0.00292EPSS
Exploits1References4
Cvelist
Cvelist
added 2011/04/18 6:0 p.m.28 views

CVE-2011-1717

Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information...

6.2AI score0.00292EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2010/10/20 12:0 a.m.33 views

SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 7186)

PostgreSQL functions implemented in Perl or TCL shared a global state even across different user user ids. A user could therefore influence functions of other users in an unexpected or even malicious way. CVE-2010-3433 PostgreSQL was updated to version 8.1.22 which fixes the security issue...

6CVSS8.1AI score0.03331EPSS
Exploits0References2
0day.today
0day.today
added 2010/04/23 12:0 a.m.18 views

Memorial Web Site Script Multiple Arbitrary Delete Vulnerability

Exploit for php platform in category web applications ================================================================ Memorial Web Site Script Multiple Arbitrary Delete Vulnerability ================================================================ Author : Chip D3 Bi0s Email :...

7.1AI score
Exploits0
Prion
Prion
added 2008/03/27 11:44 p.m.13 views

Memory corruption

GnuPG gpg 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."...

9.3CVSS8.4AI score0.04041EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2008/03/27 11:44 p.m.2 views

DEBIAN-CVE-2008-1530

GnuPG gpg 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."...

9.3CVSS8AI score0.04041EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2008/03/27 11:0 p.m.39 views

CVE-2008-1530

GnuPG gpg 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."...

9.3CVSS7.5AI score0.04041EPSS
Exploits0
NVD
NVD
added 2007/05/16 7:28 p.m.10 views

CVE-2007-2720

Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for 1 message.php and 2 messages.php in modules/email/. NOTE: some of these details are obtained from third party information...

4.3CVSS6.3AI score0.01114EPSS
Exploits0References5
Prion
Prion
added 2007/05/16 7:28 p.m.13 views

Information disclosure

Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for 1 message.php and 2 messages.php in modules/email/. NOTE: some of these details are obtained from third party information...

4.3CVSS6.8AI score0.01114EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2006/04/13 10:2 p.m.23 views

Design/Logic Flaw

Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks...

2.6CVSS7AI score0.01908EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2005/12/21 11:3 a.m.16 views

CVE-2005-4453

UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original 1 pUseruserid and 2 Useruserid parameters to UserProfile.aspx, then modifying the password field...

9CVSS6.7AI score0.02891EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.9 views

Synchrologic Email Accelerator User Account Information Disclosure

Synchrologic Email Accelerator is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2003 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2AI score
Exploits0
Rows per page
Query Builder