36 matches found

Positive Technologies
added 2024/03/27 12:0 a.m. · 5 views

PT-2024-21642

Name of the Vulnerable Software and Affected Versions: GeoNode versions prior to 4.2.3 Description: The issue exists within GeoNode, a geospatial content management system, where the current rich text editor is vulnerable to Stored XSS. This allows an attacker to retrieve a victim's CSRF token and...

6.1 CVSS · 6.2 AI score · 0.00376 EPSS
Exploits 0 · References 9

BDU FSTEC
added 2023/10/19 12:0 a.m. · 5 views

The vulnerability of the user interface of the integration plugin between SnapCenter and the VMware SnapCenter Plugin for VMware vSphere (SCV) allows a hacker to alter the email settings.

The vulnerability of the user interface of the integration plugin between SnapCenter and the VMware SnapCenter Plugin for VMware vSphere SCV is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to alter email settings remotely...

5.5 CVSS · 5.5 AI score · 0.00301 EPSS
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2023/08/28 12:0 a.m. · 6 views

Car Rental Script Security Vulnerability

Car Rental Script is an open source vehicle rental script by GZ Script. A security vulnerability exists in PHPJabbers Car Rental Script version 3.0, which stems from a lack of validation when changing e-mail addresses or passwords...

8.8 CVSS · 7.9 AI score · 0.00717 EPSS
Exploits 0 · References 3

OSV
added 2023/08/04 12:15 a.m. · 4 views

CVE-2023-36134

In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password on the Profile Page allows remote attackers to take over accounts...

9.8 CVSS · 5.8 AI score · 0.00416 EPSS
Exploits 0 · References 2

CNNVD
added 2023/08/03 12:0 a.m. · 5 views

Class Scheduling System Data Forgery Problem Vulnerability

Class Scheduling System is a class scheduling system by jkev Personal Developer. A security vulnerability exists in Class Scheduling System version 1.0, which stems from a lack of authentication when changing email addresses or passwords, allowing a remote attacker to take over an account...

9.8 CVSS · 7 AI score · 0.00416 EPSS
Exploits 0 · References 4

OSV
added 2023/08/01 11:15 p.m. · 5 views

CVE-2023-33563

In PHP Jabbers Time Slots Booking Calendar 3.3, lack of verification when changing an email address and/or password on the Profile Page allows remote attackers to take over accounts...

8.8 CVSS · 5.9 AI score · 0.00564 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/08/22 12:0 a.m. · 5 views

PT-2022-22325 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue allows for arbitrary account modification. An endpoint mapped by a tiny URL permits an adversary to modify personal details, such as email addresses and phone numbers, of a specific...

6.3 CVSS · 5.2 AI score · 0.00399 EPSS
Exploits 0 · References 4

PyPA
added 2022/07/05 1:15 p.m. · 7 views

PYSEC-2022-43186

In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through...

7.5 CVSS · 7 AI score · 0.00912 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/07/05 12:0 a.m. · 6 views

PT-2022-20050 · Opencti · Opencti

Name of the Vulnerable Software and Affected Versions: OpenCTI versions 5.2.4 and earlier Description: A broken access control issue has been identified in the profile endpoint. This allows an attacker to change their registered e-mail address and API key, despite this action not being possible...

7.5 CVSS · 7.3 AI score · 0.00912 EPSS
Exploits 0 · References 7

CNNVD
added 2022/06/28 12:0 a.m. · 3 views

ILIAS Security Vulnerability

ILIAS is an open source learning management system. A security vulnerability exists in ILIAS version 7.10 and earlier versions, which stems from a lack of validation when changing an email address on the profile page. An attacker exploited the vulnerability to remotely take over an account...

7.5 CVSS · 8.3 AI score · 0.00802 EPSS
Exploits 0 · References 4

Positive Technologies
added 2022/06/03 12:0 a.m. · 4 views

PT-2022-2799 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 11.10 through 14.9.5 GitLab Enterprise Edition versions 14.10 through 14.10.4 GitLab Enterprise Edition versions 15.0 through 15.0.1 Description: The issue is related to the SCIM feature in GitLab, which can...

9.9 CVSS · 8.9 AI score · 0.15471 EPSS
Exploits 0 · References 17

OSV
added 2020/03/31 4:15 p.m. · 1 views

UBUNTU-CVE-2019-14880

A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise...

9.1 CVSS · 6.3 AI score · 0.01079 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2019/01/03 12:0 a.m. · 26 views

Fedora 28 : mediawiki (2018-e022ecbc52)

https://www.mediawiki.org/wiki/Releasenotes/1.29MediaWiki1.29.3 - T169545, CVE-2018-0503 SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'. - T194605, CVE-2018-0505 SECURITY: BotPasswords can bypass CentralAuth's account lock. - T180551 Fix LanguageSrTest for language converter - T18055...

6.5 CVSS · 6 AI score · 0.02797 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2018/10/09 12:0 a.m. · 22 views

Fedora 27 : mediawiki (2018-edf90410ea)

https://www.mediawiki.org/wiki/Releasenotes/1.29MediaWiki1.29.3 - T169545, CVE-2018-0503 SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'. - T194605, CVE-2018-0505 SECURITY: BotPasswords can bypass CentralAuth's account lock. - T180551 Fix LanguageSrTest for language converter - T18055...

6.5 CVSS · 6 AI score · 0.02797 EPSS
Exploits 1 · References 4

Cvelist
added 2011/08/09 7:0 p.m. · 23 views

CVE-2011-2978

Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address aka oldemail field for e-mail change notifications, which makes it easier for remote...

6.5 AI score · 0.01713 EPSS
Exploits 1 · References 7

exploitpack
added 2010/11/21 12:0 a.m. · 9 views

cPanel 11.x - Cross-Site Request Forgery (Edit E-mail)

cPanel 11.x - Cross-Site Request Forgery Edit E-mail Exploit Title: Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit Date: 22 - 10 - 2010 Author: Mon7rF Mail : [email protected] Tested on: Windows 7 ...

0.8 AI score
Exploits 0