26 matches found
CVE-2018-25350
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing...
CVE-2018-25350 userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing...
CVE-2018-25350
CVE-2018-25350 affects userSpice 4.3.24. An unauthenticated attacker can enumerate valid usernames by POSTing to existingUsernameCheck.php and inspecting the response for the string 'taken'. The vulnerability enables username discovery with network access and low attack complexity, impacting conf...
EUVD-2018-21874
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing...
CVE-2018-25350
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing...
CVE-2018-25349 userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header
userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...
CVE-2018-25349
userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...
CVE-2018-25349 userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header
userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...
UserSpice 跨站脚本漏洞
UserSpice is an open-source PHP framework for user management and identity authentication developed by UserSpice. Version 4.3.24 of userSpice contains a cross-site scripting vulnerability. This vulnerability stems from the injection of malicious scripts through the X-Forwarded-For HTTP header,...
UserSpice 安全漏洞
UserSpice is an open-source PHP framework for user management and identity authentication. Version 4.3.24 of UserSpice contains a security vulnerability that stems from username enumeration. This vulnerability could allow unauthenticated attackers to discover valid usernames by sending POST...
UserSpice Username Enumeration
A vulnerability exists in userSpice. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
userSpice 4.3.24 X-Forwarded-For Cross Site Scripting
Exploit Title: userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu Payload will get executed when admin visits the audit log page !/usr/bin/perl use strict; use LWP::UserAgent;...
userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting
Exploit Title: userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu Payload will get executed when admin visits the audit log page !/usr/bin/perl use strict; use LWP::UserAgent;...
userSpice 4.3.24 - Username Enumeration
Exploit Title: userSpice 4.3.24 - Username Enumeration Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration" if lensys.argv != 3: print 'Usage:',...
userSpice 4.3.24 Username Enumeration
Exploit Title: userSpice 4.3.24 - Username Enumeration Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration" if lensys.argv != 3: print 'Usage:',...
userSpice 4.3.24 - Username Enumeration
userSpice 4.3.24 - Username Enumeration Exploit Title: userSpice 4.3.24 - Username Enumeration Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration"...
userSpice 4.3.24 - X-Forwarded-For Cross-Site Scripting Exploit
Exploit for php platform in category web applications Exploit Title: userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu Payload will get executed when admin visits the audit log page...
userSpice 4.3.24 - Username Enumeration Exploit
Exploit for php platform in category web applications Exploit Title: userSpice 4.3.24 - Username Enumeration Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration" if...
userSpice 4.3.24 - X-Forwarded-For Cross-Site Scripting
userSpice 4.3.24 - X-Forwarded-For Cross-Site Scripting Exploit Title: userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu Payload will get executed when admin visits the audit...
UserSpice 4.3 - Blind SQL Injection Exploit
Exploit for php platform in category web applications !/usr/env/python """ Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any...