22 matches found
EUVD-2009-0050
Malware in sbrugna...
CVE-2024-48932
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint http:///v1/users/name allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be...
CVE-2024-33856
An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint...
Design/Logic Flaw
A vulnerability has been identified in QMS Automotive All versions V12.39. The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames...
GHSA-579X-CJVR-CQJ9 Observable Response Discrepancy in Lost Password Service
Impact It is possible to enumerate usernames via the forgot password functionality Patches Update to version 10.1.3 or apply this patch manually: https://github.com/pimcore/pimcore/pull/10223.patch Workarounds Apply https://github.com/pimcore/pimcore/pull/10223.patch manually...
Protecting your organization against password spray attacks
When hackers plan an attack, they often engage in a numbers game. They can invest significant time pursing a single, high-value target—someone in the C-suite for example and do “spear phishing.” Or if they just need low-level access to gain a foothold in an organization or do reconnaissance, they...
Information Disclosure
symfony/symfony is vulnerable to information disclosure. The vulnerability exists as it was possible to enumerate usernames through the SwitchUserListener...
Information disclosure
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability...
CVE-2019-14278
In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page...
WPSeku - Simple Wordpress Security Scanner
WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. Usage | | \ \ /\ / / ' / |/ \ |/ / | | | \ V V /| | \ \ / | || | // | ./|/||\,| || -- WPSeku - Wordpress Security Scanner -- WPSeku - v0.1.0 -- Momo Outaadi...
Zendesk: SMTP user enumeration via mail.zendesk.com
Several methods exist that can be used to ██████████ SMTP to enumerate valid usernames and addresses; namely VRFY, EXPN, and RCPT TO. mail.zendesk.com does not reply to EXPN or RCPT TO so we will concentrate on VRFY in this report. The VRFY command will request that the receiving SMTP server veri...
http-wordpress-users NSE Script
Enumerates usernames in Wordpress blog/CMS installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others. Original advisory: Script Arguments http-wordpress-users.out If set it saves the username list in this file...
Authentication flaw
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests...
wordpress_enumerate_users
This plugin finds usernames in WordPress installations. The authors archive page is tried using "?author=ID" query and incrementing the ID for each request until 404. If the response is a redirect, the blog is affected by TALSOFT-2011-0526 http://seclists.org/fulldisclosure/2011/May/493 advisory...
Default credentials
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of logi...
Apache Tomcat: Multiple vulnerabilities
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, ...
WPSCAN - WordPress Security & vulnerability Scanner
WPSCAN - WordPress Security & vulnerability Scanner WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach. Details Username enumeration from author querystring and location header Weak password cracking multithreaded Version enumeration...
CVE-2009-3727
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error message...
CVE-2009-2336
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue,...
CVE-2009-2335
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior...