PT-2025-20728 · Flytxt · Flytxt Neon-Dx
Name of the Vulnerable Software and Affected Versions: Flytxt NEON-dX version 0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c Description: The issue concerns the userId parameter in the change password function, allowing attackers to execute brute force attacks to discover user passwords. This could potential...
CVE-2024-4311
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the...
CVE-2024-42849
An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function...
CVE-2023-44811
Cross-Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function...
CVE-2019-20481
The connected Red Hat advisories confirm CVE-2019-20481 affects the Miele XGW 3000 ZigBee Gateway before 2.4.0, where the Password Change Function does not require the old password. This is stated to be exploitable in conjunction with CVE-2019-20480 (CSRF). The combined entries indicate an auth-r...
PT-2019-6818 · Freedesktop +3 · Accountsservice +3
Name of the Vulnerable Software and Affected Versions: AccountService version 0.6.37 Description: An issue exists in the user_change_password_authorized_cb function in user.c, which could let a local user obtain encrypted passwords. Recommendations: For version 0.6.37, consider restricting access...
CVE-2017-17056
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'passwordchange' function of the Modify Password component, reachable via the oldpassword, newpassword1, and newpassword2 parameters to the /accounts/passwordchange/ URI. An...