45 matches found
CVE-2026-26368
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user UGUSER to reset the password of arbitrary accounts, including those in the UGADMIN and UGSUPERADMIN groups, without...
EUVD-2020-10053
Malware in sbrugna...
EUVD-2017-4234
Malware in sbrugna...
EUVD-2019-15038
Malware in sbrugna...
EUVD-2020-23984
Malware in sbrugna...
EUVD-2018-4624
Malware in sbrugna...
CVE-2023-22518
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perfo...
CVE-2020-36498
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...
CVE-2020-25562
In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent...
CVE-2019-5454
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account...
Code injection
Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to...
CVE-2022-46365 Apache StreamPark (incubating): Logic error causing any account reset
Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to...
CVE-2022-46365 Apache StreamPark (incubating): Logic error causing any account reset
Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to...
LDAP Tool Box Self Service Password v1.5.2 - Account takeover Vulnerability
Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users to change their...
Twitter reset account Private Method 0day Exploit
Twitter reset any Account Private Method Exploit...
Hotmail.com reset account 0day Exploit
Hotmail.com 0day Exploit can reset any email account...
CVE-2020-36498
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...
CVE-2020-36498
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...
Cross site scripting
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...
CVE-2020-36498
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...