GHSA-43FJ-QP3H-HRH5 Sync-in Server has Username Enumeration via Timing Attack
Summary: The /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. Details: The logic flaw can be located at the below point in source:...
CVE-2025-67807
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
Timing Attack
Overview: Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation: Upgrade...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the login process. An attacker can determine the existence of valid usernames by submitting login attempts and analyzing the differences in error messages returned by the system. Remediation: Upgrade rucio-webui ...
CVE-2026-23901
Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...
Timing Attack
Overview: Affected versions of this package are vulnerable to Timing Attack via the JSONAuth.Auth function. An unauthenticated attacker can determine valid usernames by measuring the response time of the /api/login endpoint, exploiting the timing discrepancy between valid and invalid username...
PT-2026-7016
Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...
CVE-2025-40806
A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack wit...
EUVD-2025-34831
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...
EUVD-2006-0606
Malware in sbrugna...
EUVD-2000-1017
Malware in sbrugna...
EUVD-2017-17018
Malware in sbrugna...
EUVD-2000-1024
Malware in sbrugna...
EUVD-2002-0209
Malware in sbrugna...
EUVD-2018-17048
Malware in sbrugna...
EUVD-2005-3479
Malware in sbrugna...
EUVD-2000-0925
Malware in sbrugna...
EUVD-2009-0050
Malware in sbrugna...