188 matches found
CVE-2022-47116
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the SYSPS parameter at /goform/SysToolChangePwd...
RuoYi 安全漏洞
RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi v4.7.2, which originates from the fact that in the RuoYi v4.7.2 interface, the user test1 does not have the privilege to reset the password of the user test3, but can request...
CVE-2021-44627
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloudconfig/routerpost/getresetpwdveirfycode feature, which allows malicious users to execute arbitrary code on the system via a crafted post request...
PT-2022-16293 · Saviynt · Saviynt Enterprise Identity Cloud
Name of the Vulnerable Software and Affected Versions: Saviynt Enterprise Identity Cloud EIC version 5.5 SP2.x Description: An issue was discovered that allows an authentication bypass. Specifically, the endpoint /ECM/maintenance/forgotpasswordstep1 is vulnerable, enabling an unauthenticated user...
CVE-2021-44848
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...
PT-2018-2678 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through 0.9.8.740 Description: The issue is related to insufficient authentication of executed requests in the CentOS Web Panel application, specifically affecting the "admin/index.php?module=rootpwd" endpoint. This...
studenten-wohnung.de XSS vulnerability
Vulnerable URL: http://www.studenten-wohnung.de/lostpassword.php Details: Description| Value ---|--- Patched:| No Latest check for patch:| 09.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 684328 VIP website status:| No Coordinated Disclosure Timeline:...
CVE-2017-9554
An information exposure vulnerability in forgetpasswd.cgi in Synology DiskStation Manager DSM before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors...