6 matches found
USN-8067-1: Mailman vulnerability
It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin request CSRF attack and set a new admin password or make other changes...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in getContent in ActionReportResultHtmlProvider.java, which is accessible via the REST Management Interface. An attacker can cause an administrator to change the admin password by convincing them to follow a...
Microhard IPn4G Cellular Gateways Cross-Site Request Forgery (CVE-2018-25149)
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...
CVE-2018-25155 Teradek Slice 7.3.15 Cross-Site Request Forgery via Password Change
Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user...
CVE-2020-23836
A Cross-Site Request Forgery (CSRF) vulnerability in edituser.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site...
Intelligent Baseboard Management Controller elevation of privilege vulnerability in multiple Huawei products (CNVD-2018-11504)
Huawei 1288H V5 and others are different models of server equipment from Huawei, China. Intelligent Baseboard Management Controller (iBMC) is an embedded server intelligent management system. A security vulnerability exists in iBMC in several Huawei products, which stems from the program...