Lucene search
K

43 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:42 a.m.12 views

CVE-2017-8848

Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password...

6.5CVSS7AI score0.00487EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/22 12:0 a.m.1 views

Unspecified Vulnerability in D-Link DI-7003GV2

The D-Link DI-7003GV2 is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DI-7003GV2, which stems from improper handling of the file /H5/webgl.asp function sub41F4F0, which can be exploited by an attacker to cause an unverified password change...

7.5CVSS7.2AI score0.00572EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:25 p.m.6 views

CVE-2002-1846

Yet Another Bulletin Board YaBB 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a...

5CVSS7.2AI score0.01053EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 12:31 a.m.48 views

CVE-2025-4903

CVE-2025-4903 affects D-Link DI-7003GV2 (firmware 24.04.18D1 R68125). The vulnerability is in the function sub_41F4F0 of /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart, leading to an unverified password change. It can be initiated remotely. Several conne...

7.5CVSS5.4AI score0.00572EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/14 12:42 a.m.23 views

CVE-2025-4552

A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploi...

5.5CVSS6.9AI score0.0045EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2025/05/06 12:0 a.m.285 views

Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)

Exploit Title: Casdoor 1.901.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 1.901.0 Date: 03/07/2024 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v1.901.0.zip Tested on: Windows CVE : N/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/03/22 12:0 a.m.295 views

Aztech DSL5005EN Router - 'sysAccess.asp' Admin Password Change (Unauthenticated)

Exploit Title: Aztech DSL5005EN Router - 'sysAccess.asp' Admin Password Change Unauthenticated Date: 2025-02-26 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.aztech.com Version: DSL5005EN Tested on: Linux CVE: N/A import requests import argparse print''' aztech DSL5005EN...

7.4AI score
Exploits0
CVE
CVE
added 2025/02/10 12:0 a.m.50 views

CVE-2024-46430

The CVE-2024-46430 entry concerns the Tenda W18E router (version 16.01.0.8(1625)) and describes an incorrect access control in the SetLoginPassword function of the web management portal. The underlying issue enables an unauthenticated remote attacker to change the administrator password by sendin...

6.5CVSS6.8AI score0.00819EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 2:48 p.m.9 views

CVE-2020-15149

NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an...

9.9CVSS6.9AI score0.02434EPSS
Exploits2
Cvelist
Cvelist
added 2025/01/17 12:0 a.m.25 views

CVE-2024-57032

WeGIA 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senhaantiga field...

0.00624EPSS
Exploits1References2
CVE
CVE
added 2024/10/30 1:35 p.m.63 views

CVE-2024-31151

LevelOne WBR-6012 contains hard-coded credentials in its web services, enabling unauthenticated access within the first 30 seconds after boot and potential bypass via other vulnerabilities. TALOS confirms two backdoors: a hard-coded admin backdoor password and an undocumented user account with a ...

9.8CVSS7.4AI score0.00719EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2023/05/23 12:0 a.m.212 views

Screen SFT DAB 600/C - Authentication Bypass Password Change Exploit

!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Password Change Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

7.1AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/02/20 12:0 a.m.8 views

CVE-2022-44216

Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password...

7AI score0.00671EPSS
Exploits0References3
OSV
OSV
added 2022/12/12 5:54 p.m.7 views

CVE-2022-3930 Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own...

6.5CVSS6AI score0.00606EPSS
Exploits2References4
Cvelist
Cvelist
added 2022/08/25 12:0 a.m.25 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.6AI score0.00965EPSS
Exploits0References2
0day.today
0day.today
added 2017/04/12 12:0 a.m.129 views

Brother MFC-J6520DW - Authentication Bypass / Password Change Exploit

Exploit for php platform in category web applications ASCII hex -- md5 e.g. AuthCookie=c243a9ee18a9327bfd419f31e75e71c7 for 'test' password This information can be used to crack current password from exported cookie. Fix: Minimize network access to Brother MFC device or disable HTTPS interface...

10CVSS9.7AI score0.33584EPSS
Exploits4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

TotalCalendar 2.4 - Remote Password Change Exploit

No description provided by source. title Powered by: TotalCalendar 2.4 Remote Password Change /title tr align=left td width=10 /td td align=centerspan class=boxHeaderCod3d By ThE g0bL!N/span/td td width=10 align=right/td /tr /table/span/td /tr /table /td /tr tr td style=padding: 0px; table...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

AlstraSoft Template Seller Pro <= 3.25 Admin Password Change Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo AlstraSoft Template Seller Pro = 3.25 Admin Password Change Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love ; if $argc4 echo Usage: php...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/02/17 12:0 a.m.49 views

Trendchip HG520 ADSL2+ Wireless Modem CSRF Vulnerability

Exploit for hardware platform in category web applications Cross Site Request Forgery This Modem's Web Application , suffers from Cross-site request forgery through which attacker can manipulate user data via sending him malicious craft url. The Modems's Application not using any security token t...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/02/07 12:0 a.m.30 views

Croogo 1.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities

----------------------------------------------------------------------------------------------- Title: Croogo 1.2.1 Multiple CSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmaildotcom Date: 07. February 2010...

7AI score
Exploits0
Rows per page
Query Builder