Lucene search
+L

79 matches found

OSV
OSV
added 2020/06/22 10:15 p.m.7 views

CVE-2020-14944

Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser...

9.8CVSS7.3AI score0.06338EPSS
Exploits6References3
Exploit DB
Exploit DB
added 2017/08/12 12:0 a.m.84 views

AirMaster 3000M - Multiple Vulnerabilities

?php Exploit Title: AirMaster 3000M multiple Vulnerabilities Date: 2017/08/12 Exploit Author: Koorosh Ghorbani Author Homepage: http://8thbit.net/ Vendor Homepage: http://mobinnet.ir/ Software Version: V2.0.1B1044 Web Server: GoAhead-Webs/2.5.0 define'isDebug',false; define'specialCookie','Cookie...

7AI score
Exploits0
exploitpack
exploitpack
added 2017/03/19 12:0 a.m.10 views

FTPShell Server 6.56 - ChangePassword Buffer Overflow

FTPShell Server 6.56 - ChangePassword Buffer Overflow print ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: FTPShell Server 6.56 ChangePassword DEP off BufferOverflow 0Day Date: 2017.03.19 Exploit Author: Greg Priest Version: FTPShell Server 6.56...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2017/03/19 12:0 a.m.40 views

FTPShell Server 6.56 - 'ChangePassword' Buffer Overflow

print ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: FTPShell Server 6.56 ChangePassword DEP off BufferOverflow 0Day Date: 2017.03.19 Exploit Author: Greg Priest Version: FTPShell Server 6.56 Tested on: Windows7 x64 HUN/ENG Enterprise ''' overflow...

7.4AI score
Exploits0
CVE
CVE
added 2016/02/18 10:0 p.m.64 views

CVE-2015-5970

Novell ZENworks Configuration Management (ZCM) versions 11.3 and 11.4 are affected by an information-disclosure vulnerability in the ChangePassword RPC. The root cause is XPath injection triggered by malformed queries that reference a system entity, allowing an unauthenticated, remote attacker to...

5.3CVSS5.4AI score0.01272EPSS
Exploits0References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2016/02/11 12:0 a.m.29 views

Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary text files on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChangePassword RPC method. By providing a malformed query, an attacker ca...

5CVSS5.9AI score0.01272EPSS
Exploits0References1
exploitpack
exploitpack
added 2015/04/02 12:0 a.m.25 views

WebGate WESP SDK 1.2 - ChangePassword Stack Overflow

WebGate WESP SDK 1.2 - ChangePassword Stack Overflow var arg1 = ""; var arg2 = "PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i248; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; //WESPConfig.dll0x10022f35 = pop pop pop ret var seh = "\x3d\x2f\x02\x10"; for i=0;i80; i++ nops +...

0.5AI score
Exploits0
0day.today
0day.today
added 2015/04/02 12:0 a.m.22 views

Webgate WESP SDK 1.2 ChangePassword Stack Overflow Exploit

Exploit for windows platform in category remote exploits var arg1 = ""; var arg2 = "PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i248; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; //WESPConfig.dll0x10022f35 = pop pop pop ret var seh = "\x3d\x2f\x02\x10"; for i=0;i80; i++ no...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2015/04/02 12:0 a.m.44 views

WebGate WESP SDK 1.2 - ChangePassword Stack Overflow

var arg1 = ""; var arg2 = "PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i248; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; //WESPConfig.dll0x10022f35 = pop pop pop ret var seh = "\x3d\x2f\x02\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...

7.4AI score
Exploits0
Prion
Prion
added 2015/03/09 2:59 p.m.12 views

Buffer overflow

Multiple buffer overflows in WebGate Embedded Standard Protocol WESP SDK allow remote attackers to execute arbitrary code via unspecified vectors to the 1 LoadImage or 2 LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, 3 ChangePassword function in the WESPCONFIGLib.UserItem...

7.5CVSS8.3AI score0.2414EPSS
Exploits4References12
Tenable Nessus
Tenable Nessus
added 2014/05/09 12:0 a.m.26 views

Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:083)

Updated mediawiki packages fix security vulnerabilities : Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity CVE-2014-2665. XSS vulnerability in...

4CVSS8.1AI score0.0106EPSS
Exploits1References3
seebug.org
seebug.org
added 2014/04/08 12:0 a.m.29 views

MediaWiki 'Special:ChangePassword'跨站请求伪造漏洞

Bugtraq ID:66600 CVE ID:CVE-2014-2665 MediaWiki是一款Wiki程序。 MediaWiki 'Special:ChangePassword'存在跨站请求伪造漏洞,允许远程攻击者构建恶意URI,诱使用户解析,可以目标用户上下文执行恶意操作。 0 MediaWiki 1.22.5 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://bugzilla.wikimedia.org/showbug.cgi?id=62497...

4CVSS0.2AI score0.0106EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/04/02 12:0 a.m.29 views

MediaWiki < 1.19.14 / 1.21.8 / 1.22.5 ChangePassword XSRF

According to its version number, the instance of MediaWiki running on the remote host is affected by a cross-site request forgery vulnerability. A flaw exists with Special:ChangePassword within the includes/specials/SpecialChangePassword.php script where HTTP requests do not require explicit...

4CVSS8.1AI score0.0106EPSS
Exploits1References9
OSV
OSV
added 2013/11/18 2:55 a.m.7 views

UBUNTU-CVE-2013-2032

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks...

5CVSS5.8AI score0.0251EPSS
Exploits0References3
Prion
Prion
added 2012/08/26 6:55 p.m.12 views

Session fixation

The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HT...

6.8CVSS7.2AI score0.01223EPSS
Exploits0References9Affected Software1
Prion
Prion
added 2008/10/03 10:22 p.m.14 views

Authentication flaw

changepassword.php in Phlatline's Personal Information Manager pPIM 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords...

7.5CVSS7.4AI score0.02986EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2005/01/10 5:0 a.m.13 views

CVE-2004-1263

changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program...

7.2CVSS7.2AI score0.00375EPSS
Exploits0References2
CVE
CVE
added 2004/12/22 5:0 a.m.42 views

CVE-2004-1263

The CVE-2004-1263 issue affects ChangePassword 0.8. When installed setuid, local users can cause arbitrary code execution by manipulating the PATH to reference a malicious make program. The vulnerability stems from overriding PATH, allowing a locally executed, attacker-provided make to run with e...

7.2CVSS7.6AI score0.00375EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2004/12/20 12:0 a.m.29 views

DilAurDimag-Advisory-07-20-12-2004.txt

------------------------------------------------------------------------------------ DilAurDimag - Advisory 07 - 20/12/04 ------------------------------------------------------------------------------------ Program: ChangePassword, a YP/Samba/Squid password-changing tool Homepage:...

7.4AI score
Exploits0
Rows per page
Query Builder