22 matches found
CVE-2026-28480
OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...
EUVD-2005-1407
Malware in sbrugna...
EUVD-2002-0318
Malware in sbrugna...
CVE-2012-2351
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username...
CVE-2005-1404
MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php...
Authd security vulnerability
Authd is a cloud-based authentication daemon for identity providers in the Ubuntu open source. A security vulnerability exists in Authd versions prior to 0.3.6 that stems from insufficient randomization of user IDs to prevent conflicts, allowing a local attacker with a registered username to spoo...
CVE-2021-3754
CVE-2021-3754 affects Keycloak (and Red Hat SSO) where improper input validation allows a user to register with a username identical to an existing user’s email. Root cause: usernames are evaluated before emails, enabling email-as-username misuse. Impact documented in advisories includes password...
Username spoofing in OnionShare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. - Vulnerability ID: OTF-005 - Vulnerability type: Improper Input Sanitization -...
CVE-2022-21696 Username spoofing in OnionShare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...
CVE-2022-21696 Username spoofing in OnionShare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...
DEBIAN-CVE-2017-7650
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third party authentication/access...
MGASA-2017-0024 Updated shadow-utils packages fix security vulnerabilities
It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid (CVE-2016-6251). It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...
Linux-PAM 0.77 Pam_Wheel Module getlogin() Username Spoofing Privileged Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7929/info A vulnerability has been discovered in the Linux-PAM pam_wheel module. The problem exists in the way the module authenticates users under certain configurations. Specifically, if the module is configured to allow...
HFS HTTP File Server 1.5/2.x Multiple Security Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a...
hfshack.txt
#!/usr/bin/python """ ---------------------------------------------------------------- HFSHack 1.0b By Felipe M. Aragon And Alec Storm ---------------------------------------------------------------- CVE-2008-0409 - Cross-Site Scripting XSS and Host Field XSS CVE-2008-0410 - Information Disclosure...
Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability
Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability Advisory-ID: 200801163 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 1.5g to and including 2.3Beta Build 174; and possibly HFS version 1.5f Non-Affected Applications: HFS 1.5e and...
Rejetto HTTP File Server (HFS) 1.52.x - Multiple Vulnerabilities
Rejetto HTTP File Server (HFS) 1.52.x - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a...
Rejetto HTTP File Server (HFS) 1.5/2.x - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a username-spoofing issue, and a...
CVE-2005-1404
MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php...
CVE-2005-1404
MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php...