CVE-2019-25701

Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and...

SUSE CVE-2024-9312

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges...

CVE-2024-7127

Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting XSS attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthoris...

PT-2024-15643 · Cxbsoft · Cxbsoft Post-Office

Name of the Vulnerable Software and Affected Versions: CXBSoft Post-Office versions up to 1.0 Description: A critical issue was found in the HTTP POST Request Handler component, specifically in the file /apps/reg go.php. The manipulation of the username reg argument leads to sql injection. The...

HackerOne: Flawed account creation process allows registration of usernames corresponding to existing file names

The account creation process allows to set up account names corresponding to names of server ressources, e.g. I just successfully created an account robots.txt which results in a profile path of https://hackerone.com/robots.txt and results in an bugged account as accessing account settings etc is...