11 matches found

Github Security Blog
added 2022/05/10 12:0 a.m., 35 views

Improper account password reset in Craft CMS

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must...

8.8 CVSS, 8.5 AI score, 0.02319 EPSS
Exploits: 3, References: 5, Affected Software: 1
Citrix
added 2021/08/13 12:0 a.m., 6 views

MCS-provisioned VDA dropped out of the domain after OS upgrade

Following an OS upgrade, MCS-provisioned VDAs leave their domain on reboot. You may also observe computer account password resets at that time...

7.3 AI score
Exploits: 0
NVD
added 2021/08/11 9:15 p.m., 12 views

CVE-2017-16631

In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality...

6.5 CVSS, 0.00154 EPSS
Exploits: 0, References: 2
OSV
added 2021/08/11 9:15 p.m., 3 views

CVE-2017-16631

In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality...

6.5 CVSS, 5.8 AI score, 0.00154 EPSS
Exploits: 0, References: 2
Prion
added 2021/08/11 9:15 p.m., 15 views

Default credentials

In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality...

4 CVSS, 6.5 AI score, 0.00154 EPSS
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2021/08/11 9:15 p.m., 3 views

CVE-2017-16631

In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality...

6.5 CVSS, 5.5 AI score, 0.00154 EPSS
Exploits: 0, References: 3
Cvelist
added 2021/08/11 8:10 p.m., 16 views

CVE-2017-16631

In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality...

6.6 AI score, 0.00154 EPSS
Exploits: 0, References: 2
CVE
added 2021/08/11 8:10 p.m., 44 views

CVE-2017-16631

In SapphireIMS 4097_1, an Insecure Direct Object Reference (IDOR) in the Account Password Reset feature allows a guest user to change an administrative user’s password. Root cause: IDOR exposure enabling unauthorized password reset. Impact: unauthorized admin credential modification. Exploitation...

6.5 CVSS, 6.5 AI score, 0.00154 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2021/03/03 12:0 a.m., 2 views

Logic Flaw Vulnerability in Hsing Yun Butler

Line Cloud Manager is a cloud computing management platform launched by Shenzhen AoGuan Software Co. There is a logic flaw vulnerability in Hsing Yun Butler. Attackers can use it to bypass server authentication, reset account passwords, and obtain sensitive information...

6.9 AI score
Exploits: 0
NVD
added 2018/01/09 9:29 p.m., 10 views

CVE-2017-12695

An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password...

8.8 CVSS, 8.4 AI score, 0.01073 EPSS
Exploits: 0, References: 2
Metasploit
added 2017/12/22 6:44 p.m., 44 views

Cambium ePMP 1000 Account Password Reset

This module exploits an access control vulnerability in Cambium ePMP device management portal. It requires any one of the following non-admin login credentials - installer/installer, home/home - to reset password of other existing users including 'admin'. All versions 'Cambium ePMP 1000 Account...

8.8 CVSS, 8.9 AI score, 0.67592 EPSS
Exploits: 2