53 matches found
Security feature bypass
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2020-26526
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid: "Unable to find an APIDomain" versus "Wrong email or password"...
Crooks Tap Google Firebase in Fresh Phishing Tactic
A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways. Google Firebase is a mobile and web application development platfor...
CVE-2019-10197
A flaw was found in samba when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside of the share. Mitigation: The following methods can be used as a mitigation only...
Design/Logic Flaw
An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 Username Enumeration an adversary...
Finger Service User Enumerator
Identify valid users through the finger service using a variety of tricks. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Finger Service User Enumerator', 'Description' = 'Identify valid users...
Design/Logic Flaw
Unspecified vulnerability in the Secure Shell SSH in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout...
Outlook Web anonymous access
It is possible to browse the information of the OWA server by accessing as an anonymous user with the following URL: http://www.example.com/exchange/root.asp?acs=anon After this access, the anonymous user can search for valid users in the OWA server and can enumerate all users by accessing the...
CVE-2005-2591
Parlano MindAlign 5.0 and later versions allow remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability...
CUPS 1.1.x - Cupsd Request Method Denial of Service
CUPS 1.1.x - Cupsd Request Method Denial of Service. Source: https://www.securityfocus.com/bid/7637/info The cupsd has been reported prone to a denial of service vulnerability. Reportedly the cupsd does not adequately apply a time-out process for malicious HTTP requests and service is denied to...
Firewall-1 usernames detection
PKI aggressive mode replies are different for existing and non-existing usernames...
CVE-1999-0407
CVE-1999-0407 affects Microsoft IIS 4.0. A default virtual directory /IISADMPWD contains files that can be used as proxies for brute-forcing credentials or identifying valid users. In Nessus data, these files (aexp2.htr, aexp2b.htr, aexp3.htr, aexp4.htr) can enable brute-force login attempts; one...
CVE-2000-0284
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands...