Lucene search
K

189 matches found

Positive Technologies
Positive Technologies
added 2023/05/11 12:0 a.m.5 views

PT-2023-20626 · Unknown · Sourcecodester File Tracker Manager System

Name of the Vulnerable Software and Affected Versions: SourceCodester File Tracker Manager System version 1.0 Description: A critical issue was found in the SourceCodester File Tracker Manager System. This issue affects the file register/update password.php of the component POST Parameter Handler...

9.8CVSS7.1AI score0.00726EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.6 views

PT-2023-19931 · Apple +2 · Apple Macos +3

Name of the Vulnerable Software and Affected Versions: PowerPanel Business Local/Remote for Windows versions 4.8.6 and earlier PowerPanel Business Management for Windows versions 4.8.6 and earlier PowerPanel Business Local/Remote for Linux 32bit versions 4.8.6 and earlier PowerPanel Business...

9.8CVSS9.3AI score0.00968EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/12/12 5:54 p.m.28 views

CVE-2022-3930 Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own...

6.8AI score0.00606EPSS
Exploits2References1
Patchstack
Patchstack
added 2022/11/21 12:0 a.m.22 views

WordPress Directorist plugin <= 7.4.2.1 - Auth. Insecure Direct Object References (IDOR) vulnerability

Auth. Insecure Direct Object References IDOR vulnerability leading to arbitrary user password update discovered by cydave in the WordPress Directorist plugin versions = 7.4.2.1. Solution Update the WordPress Directorist plugin to the latest available version at least 7.4.2.2...

3.5AI score0.00606EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/25 12:0 a.m.5 views

PT-2022-23845 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: RuoYi version 3.8.3 Description: The issue is related to a weak password in the management system. Recommendations: For RuoYi version 3.8.3, update the password to a stronger one to mitigate the risk...

9.8CVSS9.3AI score0.00817EPSS
Exploits1References3
OSV
OSV
added 2022/05/17 12:55 a.m.30 views

GHSA-8Q2M-PWXF-JC7G python-keystoneclient unsecure user password update

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process...

2.9CVSS8.7AI score0.0037EPSS
Exploits1References7
FreeBSD
FreeBSD
added 2022/02/14 12:0 a.m.253 views

gitea -- password hash quality

The Gitea team reports: This PR refactors and improves the password hashing code within gitea and makes it possible for server administrators to set the password hashing parameters. In addition it takes the opportunity to adjust the settings for pbkdf2 in order to make the hashing a little...

1.7AI score
Exploits0References2
Huntr
Huntr
added 2021/10/07 1:41 p.m.11 views

Session Fixation in pheditor/pheditor

Description Session Fixation vulnerability found in pheditor in which it doesn't expire the sessions after password update. Proof of Concept // PoC 1. Open normal tab and one private tab 2. Open the pheditor on both of them and log in as a user 3. From private tab change the user password and log...

Exploits0References1
Huntr
Huntr
added 2021/07/06 4:28 p.m.6 views

Session Fixation in erudika/scoold

✍️ Description Session Fixation vulnerability found in scoold in which it doesn't expire the sessions after password update. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Open the same account in the normal and private tab. 2. Change the password from anyone tab let's say private and then refresh...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/05/28 4:48 p.m.10 views

in hstm/dotfiles

✍️ Description Owner of this Github repo has inadvertently committed their .pgpass file which contains login information for a localhost PostgreSQL server. We suggest the owner of this Github repo deletes the file from the repo, adds .pgpass to their .gitignore and changes their localhost...

0.2AI score
Exploits0References1
OSV
OSV
added 2021/03/12 9:33 p.m.3 views

GHSA-XF46-8VVP-4HXX Keycloak Missing authentication for critical function

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

6.8CVSS6.6AI score0.00329EPSS
Exploits0References2
OSV
OSV
added 2021/03/09 6:15 p.m.19 views

CVE-2021-20262

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

6.8CVSS6.2AI score
Exploits0References1
NVD
NVD
added 2021/03/09 6:15 p.m.15 views

CVE-2021-20262

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

6.8CVSS0.00329EPSS
Exploits0References1
Prion
Prion
added 2021/03/09 6:15 p.m.17 views

Design/Logic Flaw

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

4.6CVSS6.3AI score0.00329EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2021/03/09 12:0 a.m.6 views

Red Hat Keycloak 访问控制错误漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from a re-authentication not occurring when a password is updated. An attacker...

6.8CVSS5.6AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2021/03/02 1:2 p.m.27 views

CVE-2021-20262

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

6.8CVSS3.8AI score0.00329EPSS
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2020/10/02 5:6 p.m.130 views

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager that—when some are chained together—can result in a remote attacker gaining SYSTEM privileges on the target node. Note: A backdoor database user exists in the PostgreSQL database used by HP...

6.5CVSS1.4AI score0.01327EPSS
Exploits0
Veracode
Veracode
added 2020/06/01 8:17 a.m.9 views

Insecure Password Update

com.liferay.login.web is vulnerable to insecure password update. During the user password update, it is allowed to update the password via JSONWS without supplying their current password, leading to other attacks such as XSS, session hijacking, an unattended workstation or other vectors...

3.9AI score
Exploits0
Hacker One
Hacker One
added 2020/05/17 1:27 a.m.44 views

Starbucks: Singapore - Account Takeover via IDOR

ko2sec discovered that an alternate site shared database and cookie credentials with card.starbucks.com.sg. By exploiting an endpoint on the alternate site, ko2sec was able to copy a PHPSESSID cookie value from that site over to card.starbucks.com.sg and then see user information, update the...

2AI score
Exploits0
OSV
OSV
added 2020/01/14 11:15 p.m.1 views

CVE-2020-0621

A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'...

4.4CVSS5.8AI score0.00972EPSS
Exploits0References1
Rows per page
Query Builder