205 matches found
CVE-2025-24506
A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types...
CVE-2025-24506
A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types...
CVE-2025-24506
A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types...
CVE-2025-24506
Broadcom Symantec Privileged Access Management (PAM) is cited as affected by CVE-2025-24506. The connected PT-2025-5378 entry states: a specific authentication strategy allows learning the IDs of PAM users associated with certain authentication types, but it does not specify affected versions and...
CVE-2024-56433
shadow-utils aka shadow 4.4 through 4.17.0 establishes a default /etc/subuid behavior e.g., uid 100000 through 165535 for the first user account that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...
PT-2024-36816
Name of the Vulnerable Software and Affected Versions shadow-utils versions 4.4 through 4.17.0 Description The issue arises from the default /etc/subuid behavior established by shadow-utils, which can conflict with the uids of users defined on locally administered networks. This conflict can...
CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...
CVE-2024-50651
javashop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter...
GHSA-4GFW-WF7C-W6G2 Authd allows attacker-controlled usernames to yield controllable UIDs
CVE description: Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. ----- original report ----- Cause authd assigns user IDs as a pure function of the us...
Authd allows attacker-controlled usernames to yield controllable UIDs
CVE description: Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. ----- original report ----- Cause authd assigns user IDs as a pure function of the us...
Insecure Direct Object Reference (IDOR)
aimeos/ai-controller-frontend is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to a lack of proper access control and authorization checks, allowing attackers to manipulate object references like user IDs without verification...
PayPal,Credit Card and Debit Card Payment SQL注入漏洞
PayPal,Credit Card and Debit Card Payment is a PayPal, Credit Card and Debit Card Payment software by janobe individual developer. A SQL injection vulnerability exists in PayPal,Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...
CVE-2024-38495 Symantec Privileged Access Manager User Enumeration vulnerability
A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database...
CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
CVE-2024-32879 social-auth-app-django Improper Handling of Case Sensitivity vulnerability
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
CVE-2023-52159
creationtimestamp| type| source ---|---|--- 2024-03-18 03:26:43+00:00| seen| https://t.me/ctinow/210132 2024-03-18 03:26:51+00:00| seen| https://t.me/ctinow/210137...
CVE-2024-2179
creationtimestamp| type| source ---|---|--- 2024-03-05 22:26:26+00:00| seen| https://t.me/ctinow/200761 2024-03-05 22:32:16+00:00| seen| https://t.me/ctinow/200771...
CVE-2024-1748
creationtimestamp| type| source ---|---|--- 2024-02-22 21:26:11+00:00| seen| https://t.me/ctinow/191182 2024-02-22 21:26:15+00:00| seen| https://t.me/ctinow/191186 2024-03-13 13:36:38+00:00| seen| https://t.me/ctinow/206670...
Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover
Description The plugin does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts. PoC 1. ADMIN: Install Formidable Pro plugin 2. ADMIN: Install...
CVE-2022-22506
IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293...