Exploit for Incorrect User Management in Portainer

Portainer CVE-2024-29296 Proof of Concept Script Requireme...

CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)

On February 25, 2022, GitLab published a fix for CVE-2021-4191, which is an instance of CWE-359, "Exposure of Private Personal Information to an Unauthorized Actor." The now-patched vulnerability affected GitLab versions since 13.0. The vulnerability is the result of a missing authentication chec...

Endless Group: Enumeration of username on password reset page

Summary: Reset password page api call, can be used to enumerate usernames based on the error message Steps To Reproduce: add details for how we can reproduce the issue 1. Go to password reset page 2. Enter username and click submit 3. Check email for password reset code, open the url in any brows...

CVE-2017-18465

cPanel before 62.0.17 does not have a sufficient list of reserved usernames SEC-227...

wildPwn - Brute forcer and shell deployer for WildFly (JBoss AS)

WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition Java EE specification. It runs on multiple platforms. WildFly is free and open-source...

Crowbar - Brute Forcing Tool (SSH, OpenVPN, RDP, VNC)

Crowbar formally known as Levye is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH...

Nmap NSE net: http-userdir-enum

Attempts to enumerate valid usernames on web servers running with the moduserdir module or similar enabled. The Apache moduserdir module allows user-specific directories to be accessed using the http://example.com/user/ syntax. This script makes http requests in order to discover valid user-...