WordPress plugin RegistrationMagic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2023-20817 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.3 Description: A cross-site request forgery CSRF vulnerability allows attackers to change any user's password except for the user that is currently logged in. Recommendations: For ChurchCRM version 4.5.3, consider...

OESA-2023-1231 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.CVE-2023-0922...

K37250780: TMOS vulnerability: Password changes for local users may not be preserved unless the configuration is explicitly saved

Security Advisory Description When changing local user passwords at first boot, the password update may not be preserved unless the configuration is explicitly saved. This will leave the system in a state where it still accepts the old password, and the new password cannot be used to log in. This...

GNUBOARD5 访问控制错误漏洞

GNUBOARD5 is a web forum system based on PHP and MySQL. A security vulnerability exists in GNUBOARD5 versions 5.5.4 and 5.5.5, which stems from the presence of insecure privileges and can be exploited by an attacker to change all users' passwords without knowing the victim's original password...

PT-2023-10322 · Devise · Devise

Name of the Vulnerable Software and Affected Versions: Devise versions prior to 3.5.4 Description: The issue concerns the mishandling of Remember Me cookies for sessions, potentially allowing an adversary to gain unauthorized persistent application access. Specifically, the Devise gem generates t...

Kiwi TCMS 安全漏洞

Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A security vulnerability exists in Kiwi TCMS version 11.6 and prior versions, which stems from the fact that when a user registers for a new account or changes their password,...

Advisory ROSA-SA-2022-2062

Software: samba 4.12.12 OS: rosa-server79 packageevrstring: samba-4.12.12-3 CVE-ID: CVE-2022-32744 BDU-ID: 2022-04687 CVE-Crit: Not Relevant CVE-DESC: A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own...

PT-2022-25296 · Ibm · Ibm Datapower Gateway

Name of the Vulnerable Software and Affected Versions: IBM DataPower Gateway versions 10.0.1.0 through 10.0.1.9 IBM DataPower Gateway versions 10.0.3.0 through 10.0.4.0 IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.22 IBM DataPower Gateway versions 10.5.0.0 through 10.5.0.2...

The vulnerability of the Lifecycle Management console component of the SAP BusinessObjects Business Intelligence platform allows a perpetrator to gain unauthorized access to protected information, change passwords, or import files into another system.

The vulnerability of the Lifecycle Management console component of the SAP BusinessObjects Business Intelligence platform is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information, change...

Logic Flaw Vulnerability in TY-6201A of Sichuan Tianyi Kanghe Communication Co.

The TY-6201A is a cost-effective full-band Wi-Fi6-enabled wireless router. A logic flaw vulnerability exists in the TY-6201A of Sichuan Tianyi Kanghe Communication Company Limited, which can be exploited by an attacker to change a password without permission via a POST request for a specific path...

The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System lies in the lack of authentication for the password change function, which allows unauthorized users to escalate their privileges.

The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System lies in the lack of authentication for the password change function. Exploiting this vulnerability could allow an attacker to gain increased privileges from a remote location...

Cognex 3D-A1000 Dimensioning System

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Cognex Equipment: 3D-A1000 Dimensioning System Vulnerabilities: Missing Authentication for Critical Function, Improper Output Neutralization for Logs, Client-side Enforcement of Server-side Security 2...

CVE-2022-32744

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover...

Mealie 安全漏洞

Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A security vulnerability exists in Mealie version 1.0.0beta3, which stems from the inclusion of an insecure direct object reference that allows an attacker to modify a user's password and other...

Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration

Cockpit before version 2.2.0 is vulnerable to Insufficient Session Expiration. The application does not validate requests after password changes, allowing a user to change their account details even after an admin changes their password...

CVE-2022-27484

A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request...

PT-2022-18449 · Fortinet · Fortiadc

Name of the Vulnerable Software and Affected Versions: Fortinet FortiADC versions 5.x.x through 6.2.3 Description: The issue allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. This is achieved by sending a specifically designe...

USN-5542-1 samba vulnerabilities

It was discovered that Samba did not handle MaxQueryDuration when being used in AD DC configurations, contrary to expectations. This issue only affected Ubuntu 20.04 LTS. CVE-2021-3670 Luke Howard discovered that Samba incorrectly handled certain restrictions associated with changing passwords. A...

Samba Privilege Escalation Vulnerability (CVE-2022-32744)

Samba is prone to a privilege escalation vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...