22 matches found

OSV
added 2026/03/05 10:16 p.m. | 6 views

CVE-2026-28480

OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2005-1407

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01604
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2002-0318

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.03281
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/22 12:9 p.m. | 9 views

CVE-2012-2351

The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username...

CVSS 5 | AI score 6.9 | EPSS 0.0207
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 9:38 p.m. | 9 views

CVE-2005-1404

MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php...

CVSS 5 | AI score 7.1 | EPSS 0.01604
Exploits: 1 | References: 1

CNNVD
added 2024/10/10 12:0 a.m. | 3 views

Authd security vulnerability

Authd is Ubuntu's open source authentication daemon for cloud-based identity providers. A security vulnerability exists in Authd versions prior to 0.3.6 that stems from insufficient randomization of user IDs to prevent conflicts, allowing a local attacker with a registered username to spoo...

CVSS 7.5 | AI score 7 | EPSS 0.0028
Exploits: 1 | References: 4

CVE
added 2022/08/26 3:25 p.m. | 111 views

CVE-2021-3754

CVE-2021-3754 affects Keycloak (and Red Hat SSO) where improper input validation allows a user to register with a username identical to an existing user’s email. Root cause: usernames are evaluated before emails, enabling email-as-username misuse. Impact documented in advisories includes password...

CVSS 5.3 | AI score 5.1 | EPSS 0.01843
Exploits: 1 | References: 2 | Affected Software: 2

GitHub Security Blog
added 2022/01/21 11:20 p.m. | 28 views

Username spoofing in OnionShare

Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. - Vulnerability ID: OTF-005 - Vulnerability type: Improper Input Sanitization -...

CVSS 4.3 | AI score 0.6 | EPSS 0.00708
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2022/01/18 7:55 p.m. | 5 views

CVE-2022-21696 Username spoofing in OnionShare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...

CVSS 4.3 | AI score 7.1 | EPSS 0.00708
Exploits: 0 | References: 2

Cvelist
added 2022/01/18 7:55 p.m. | 25 views

CVE-2022-21696 Username spoofing in OnionShare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...

CVSS 4.3 | AI score 4.9 | EPSS 0.00708
Exploits: 0 | References: 2

OSV
added 2017/09/11 4:29 p.m. | 2 views

DEBIAN-CVE-2017-7650

In Mosquitto before 1.4.12, pattern-based ACLs can be bypassed by clients that set their username/client id to '' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third party authentication/access...

CVSS 6.5 | AI score 6.9 | EPSS 0.02472
Exploits: 2 | References: 1

OSV
added 2017/01/27 8:30 p.m. | 9 views

MGASA-2017-0024 Updated shadow-utils packages fix security vulnerabilities

It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin, with the concern that the utmp entry might have a spoofed username associated with a correct uid (CVE-2016-6251). It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...

CVSS 7.8 | AI score 7.5 | EPSS 0.00409
Exploits: 0 | References: 3

seebug.org
added 2014/07/01 12:0 a.m. | 31 views

Linux-PAM 0.77 Pam_Wheel Module getlogin() Username Spoofing Privileged Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7929/info A vulnerability has been discovered in the Linux-PAM pam_wheel module. The problem exists in the way the module authenticates users under certain configurations. Specifically, if the module is configured to allow...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 38 views

HFS HTTP File Server 1.5/2.x Multiple Security Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a...

CVSS 10 | AI score 6.5 | EPSS 0.03568
Exploits: 11

Packet Storm
added 2008/01/24 12:0 a.m. | 40 views

hfshack.txt

#!/usr/bin/python """ HFSHack 1.0b By Felipe M. Aragon And Alec Storm. CVE-2008-0409 - Cross-Site Scripting XSS and Host Field XSS; CVE-2008-0410 - Information Disclosure...

CVSS 10 | AI score 6.4 | EPSS 0.03568
Exploits: 11

securityvulns
added 2008/01/24 12:0 a.m. | 68 views

Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability

Syhunt: HFS HTTP File Server Username Spoofing and Log Forging/Injection Vulnerability Advisory-ID: 200801163 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 1.5g to and including 2.3Beta Build 174; and possibly HFS version 1.5f Non-Affected Applications: HFS 1.5e and...

CVSS 6.4 | AI score 6.6 | EPSS 0.01707
Exploits: 7

exploitpack
added 2008/01/23 12:0 a.m. | 36 views

Rejetto HTTP File Server (HFS) 1.52.x - Multiple Vulnerabilities

Rejetto HTTP File Server HFS 1.52.x - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a...

CVSS 10 | AI score 0.5 | EPSS 0.03568
Exploits: 11

Exploit DB
added 2008/01/23 12:0 a.m. | 57 views

Rejetto HTTP File Server (HFS) 1.5/2.x - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a username-spoofing issue, and a...

CVSS 10 | AI score 6.4 | EPSS 0.03568
Exploits: 11

NVD
added 2005/05/03 4:0 a.m. | 18 views

CVE-2005-1404

MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php...

CVSS 5 | AI score 6.7 | EPSS 0.01604
Exploits: 1 | References: 6

Cvelist
added 2005/05/03 4:0 a.m. | 20 views

CVE-2005-1404

MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php...

AI score 6.7 | EPSS 0.01604
Exploits: 1 | References: 6