397 matches found
Default credentials
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.31, Mendix Applications using Mendix 8 All versions V8.18.18, Mendix Applications using Mendix 9 All versions V9.14.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.2, Mendix Applications...
CVE-2022-31887
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password...
PT-2022-15263 · Tableau · Tableau Server
Name of the Vulnerable Software and Affected Versions: Tableau Server versions 2020.4.16 through 2021.4.4 and earlier Description: A broken access control issue is present in Tableau Server, affecting customers who use Local Identity Store for user management. This issue allows a malicious site...
GHSA-QRF6-H5FC-7M96 Mattermost Server does not enforce rate limits on password change attempts
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change...
GHSA-VCGG-HP4R-87GX Contao Does Not Invalidate Existing Sessions When Password Changes
Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the backend or frontend...
HumHub 安全漏洞
Humhub is a set of open source social networking software written on the Yii PHP framework. HumHub has a security vulnerability that stems from the fact that users who are forced by administrators to change their passwords may be able to retrieve data from other users. No detailed vulnerability...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
CVE-2021-26620
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
Sylius code issue vulnerability
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. Sylius suffers from a code issue vulnerability that could lead to existing token leakage and unauthorized password changes. No details of the vulnerability are currently available...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
Sylius 代码问题漏洞
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. Sylius suffers from a code issue vulnerability that could lead to existing token leakage and unauthorized password changes. No details of the vulnerability are currently available...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
Shopware 代码问题漏洞
Shopware is a suite of open source e-commerce software from the German company Shopware.A trust management issue vulnerability exists in versions of Shopware prior to 5.7.7, which stems from the fact that shopware does not invalidate a user's session when a password is changed. An attacker could...
CVE-2021-20158
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command...
Design/Logic Flaw
MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version RELEASE.2021-12-27T07-23-18Z changes the...