relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.