CVE-2020-35358

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access t...

CVE-2020-35358

CVE-2020-35358 affects DomainMOD domainmod-v4.15.0 and is caused by an insufficient session expiration mechanism: after a password change, sessions authenticated with the new password and those using the old password remain active in other browsers/devices. Documents describe multiple reports (RH...

Domainmod 代码问题漏洞

Domainmod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets from the Domainmod community. A security vulnerability exists in DomainMOD domainmod-v4.15.0, which stems from an insufficient session expiration vulnerability. An...

DomainMOD < 4.14.0 Multiple Vulnerabilities

DomainMOD is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:domainmod:domainmod"; if...

CVE-2019-9080

DomainMOD before 4.14.0 uses MD5 without a salt for password storage...

CVE-2019-9080

DomainMOD before 4.14.0 uses MD5 without a salt for password storage...

Design/Logic Flaw

DomainMOD before 4.14.0 uses MD5 without a salt for password storage...

CVE-2019-9080

DomainMOD before 4.14.0 uses MD5 without a salt for password storage...

CVE-2019-9080

DomainMOD vulnerable component: DomainMOD before 4.14.0. Root cause: password storage uses MD5 without a salt, leading to weak password hashing. Impact described as high in CVSS-3.1 (C:H, I:N, A:N) with network access and no user interaction required; offline password attacks are implied by unsal...

CVE-2020-12735

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover...

CVE-2020-12735

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover...

Design/Logic Flaw

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover...

CVE-2020-12735

DomainMOD 4.13.0 suffers a vulnerability in reset.php due to insufficient entropy in password reset requests, which can lead to account takeover. Affected component: reset functionality in DomainMOD; root cause described as low-entropy or predictable reset token handling. CVSS data is provided (b...

CVE-2020-12735

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover...

DomainMod Security Feature Issue Vulnerability

DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. A security signature issue vulnerability exists in the reset.php file in DomainMOD version 4.13.0, which can be exploited by an attacker to compromise an account...

DomainMOD <= 4.13.0 Multiple Vulnerabilities

DomainMOD is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:domainmod:domainmod"; ifdescripti...

DomainMod 4.13 - Cross-Site Scripting

DomainMod 4.13 - Cross-Site Scripting Exploit Title: DomainMod = 4.13 - Cross-Site Scripting Date: 30 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://domainmod.org/ Version: = 4.13 Tested on: Ubuntu 18.04.1 CVE: CVE-2019-15811 The software 'DomainMOD' is...

DomainMOD Cross-Site Scripting Vulnerability

DomainMOD is an open source application for managing your domain names and other Internet assets in a central location. A cross-site scripting vulnerability exists in the daterange parameter in reporting/domains/cost-by-month.php in DomainMOD 4.13 and earlier versions. An attacker could exploit...

DomainMod 4.13 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: DomainMod = 4.13 - Cross-Site Scripting Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://domainmod.org/ Version: = 4.13 Tested on: Ubuntu 18.04.1 CVE: CVE-2019-15811 The software 'DomainMOD' is...

DomainMod 4.13 Cross Site Scripting

Exploit Title: DomainMod = 4.13 - Cross-Site Scripting Date: 30 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://domainmod.org/ Version: = 4.13 Tested on: Ubuntu 18.04.1 CVE: CVE-2019-15811 The software 'DomainMOD' is vulnerable for Cross-Site Scripting i...