A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts.
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request.
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. At
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid use
An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web ap
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for v
SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid
User enumeration in ESET Protect (on-prem) via Response Timing.
REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password funct
The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administra
Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames t
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserve
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.
The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administra
Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or
Page 1+ Next →