36 matches found
PT-2024-21642
Name of the Vulnerable Software and Affected Versions GeoNode versions prior to 4.2.3 Description The issue exists within GeoNode, a geospatial content management system, where the current rich text editor is vulnerable to Stored XSS. This allows an attacker to retrieve a victim's CSRF token and...
The vulnerability of the user interface of the integration plugin between SnapCenter and the VMware SnapCenter Plugin for VMware vSphere (SCV) allows a hacker to alter the email settings.
The vulnerability of the user interface of the integration plugin between SnapCenter and the VMware SnapCenter Plugin for VMware vSphere SCV is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to alter email settings remotely...
Car Rental Script 安全漏洞
Car Rental Script is an open source vehicle rental script by GZ Script. A security vulnerability exists in PHPJabbers Car Rental Script version 3.0, which stems from a lack of validation when changing e-mail addresses or passwords...
CVE-2023-36134
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password on the Profile Page allows remote attackers to take over accounts...
Class Scheduling System Data Forgery Problem Vulnerability
Class Scheduling System is a class scheduling system by jkev Personal Developer. A security vulnerability exists in Class Scheduling System version 1.0, which stems from a lack of authentication when changing email addresses or passwords, allowing a remote attacker to take over an account...
CVE-2023-33563
In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password on the Profile Page allows remote attackers to take over accounts...
PT-2022-22325 · Tabit · Tabit
Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue allows for arbitrary account modification. An endpoint mapped by a tiny URL permits an adversary to modify personal details, such as email addresses and phone numbers, of a specific...
PYSEC-2022-43186
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through...
PT-2022-20050 · Opencti · Opencti
Name of the Vulnerable Software and Affected Versions: OpenCTI versions 5.2.4 and earlier Description: A broken access control issue has been identified in the profile endpoint. This allows an attacker to change their registered e-mail address and API key, despite this action not being possible...
ILIAS 安全漏洞
ILIAS is an open source learning management system. A security vulnerability exists in ILIAS version 7.10 and earlier versions, which stems from a lack of validation when changing an email address on the profile page. An attacker exploited the vulnerability to remotely take over an account...
PT-2022-2799 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 11.10 through 14.9.5 GitLab Enterprise Edition versions 14.10 through 14.10.4 GitLab Enterprise Edition versions 15.0 through 15.0.1 Description: The issue is related to the SCIM feature in GitLab, which can...
UBUNTU-CVE-2019-14880
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise...
Fedora 28 : mediawiki (2018-e022ecbc52)
https://www.mediawiki.org/wiki/Releasenotes/1.29MediaWiki1.29.3 - T169545, CVE-2018-0503 SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'. - T194605, CVE-2018-0505 SECURITY: BotPasswords can bypass CentralAuth's account lock. - T180551 Fix LanguageSrTest for language converter - T18055...
Fedora 27 : mediawiki (2018-edf90410ea)
https://www.mediawiki.org/wiki/Releasenotes/1.29MediaWiki1.29.3 - T169545, CVE-2018-0503 SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'. - T194605, CVE-2018-0505 SECURITY: BotPasswords can bypass CentralAuth's account lock. - T180551 Fix LanguageSrTest for language converter - T18055...
CVE-2011-2978
Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address aka oldemail field for e-mail change notifications, which makes it easier for remote...
cPanel 11.x - Cross-Site Request Forgery (Edit E-mail)
cPanel 11.x - Cross-Site Request Forgery Edit E-mail Exploit Title: Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit Date: 22 - 10 - 2010 Author: Mon7rF Mail : [email protected] Tested on: Windows 7 --------------------------------------------------------------------------------------...