MK-AUTH Cross-Site Request Forgery Vulnerability
MK-AUTH is an access control system by the Brazilian independent developer Pedro Filho. A cross-site request forgery vulnerability exists in MK-AUTH through version 19.01 K4.9 that allows passwords to be changed via the central executor central.php...
Siemens LOGO! 8 BM Information Disclosure Vulnerability
Siemens LOGO! 8 BM is programming software from Siemens (Germany) for industrial environments on the Windows platform. Siemens LOGO! 8 BM is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to make unauthorized password or configuration changes to any...
Siemens LOGO! 8 BM Static Key Replay Attack Vulnerability
Siemens LOGO! 8 BM is programming software from Siemens (Germany) for industrial environments on the Windows platform. A security vulnerability exists in Siemens LOGO! 8 BM. An attacker could exploit it by performing a replay attack to make unauthorized changes to passwords or...
Siemens LOGO! 8 BM Trust Management Issue Vulnerability
Siemens LOGO! 8 BM is programming software from Siemens (Germany) for industrial environments on the Windows platform. A security vulnerability exists in Siemens LOGO! 8 BM. An attacker could exploit it by performing a replay attack to make unauthorized changes to passwords or...
Siemens LOGO! 8 BM
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! 8 BM Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently...
PbootCMS Cross-Site Request Forgery Vulnerability
PbootCMS is an open-source enterprise website-building system with a new core, developed by Avantech. A cross-site request forgery vulnerability exists in PbootCMS 1.3.2. An attacker can exploit this vulnerability to change user passwords...
WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-60481)
WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. WSO2 API Manager 3.1.0 suffers from a cross-site scripting vulnerability, which can be exploited to hijack a logged-in user's session by stealing a cookie, changing the logged-in user's password while maintaining...
CVE-2020-27885
Cross-site scripting (XSS) vulnerability in WSO2 API Manager 3.1.0. By exploiting it, the attacker can hijack a logged-in user's session by stealing cookies, which means that a malicious actor can change the logged-in user's password and invalidate the session of th...
CVE-2020-14025
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password...
CVE-2020-24028
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced...
CVE-2020-24029
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "corrected in all maintained versions. Password reset requests are validated...
Cross-Site Request Forgery (CSRF)
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request...
CVE-2020-24028
The CVE-2020-24028 entry concerns ForLogic Qualiex v1 and v3. It states that an authenticated customer can achieve privilege escalation via actions such as creating users, changing passwords, or updating user permissions, within the user’s own permission scope. The supplier‑provided note (as of 2...
CVE-2020-24029
CVE-2020-24029 affects ForLogic Qualiex v1 and v3, where unauthenticated password changes could expose customer/admin permissions and data via a simple request. The root cause is unauthenticated password changes; as of 2025-10-14, the supplier indicates this is corrected in all maintained version...
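Several entries above (MK-AUTH, PbootCMS, Ozeki NG SMS Gateway, ForLogic Qualiex) describe the same pattern: a password-change request that is accepted on the strength of the session cookie alone, so a page on another origin can make the victim's browser submit it. The following is an added example, not code from any of those products, that models the vulnerable handler beside a hardened one with the three usual controls: an Origin check, a per-session synchronizer token, and re-authentication with the current password. The hostnames, session ID, user and request dictionaries are constructed for the demonstration, and the browser is modelled by the fact that the cookie rides along on a forged request while the token and current password do not.

```python
import hashlib
import hmac
import secrets

SITE_ORIGIN = "https://app.example"          # assumed origin of the legitimate site
ATTACKER_ORIGIN = "https://attacker.example"  # assumed origin hosting the CSRF page


def pw_hash(password: str) -> str:
    # Stand-in for a real password hash (argon2id/bcrypt); enough for the demo.
    return hashlib.sha256(password.encode()).hexdigest()


class Site:
    """Minimal server state: users, login sessions, per-session CSRF tokens (constructed)."""

    def __init__(self):
        self.users = {"alice": pw_hash("correct horse")}   # username -> password hash
        self.sessions = {"sid-1": "alice"}                 # session cookie -> username
        self.csrf_tokens = {}                              # session cookie -> token

    def issue_csrf_token(self, sid: str) -> str:
        # Rendered into the site's own change-password form. A page on another
        # origin cannot read it, so a forged request cannot include it.
        token = secrets.token_urlsafe(32)
        self.csrf_tokens[sid] = token
        return token

    def vulnerable_change_password(self, req: dict) -> int:
        # Trusts the session cookie alone. The browser attaches that cookie to a
        # form POST triggered from attacker.example too, so a forged request works.
        user = self.sessions.get(req["cookies"].get("sid"))
        if user is None:
            return 401
        self.users[user] = pw_hash(req["form"]["new_password"])
        return 200

    def hardened_change_password(self, req: dict) -> int:
        sid = req["cookies"].get("sid")
        user = self.sessions.get(sid)
        if user is None:
            return 401
        # 1. Origin header: a cross-site form submission carries the attacker's origin.
        if req["headers"].get("Origin") != SITE_ORIGIN:
            return 403
        # 2. Synchronizer token bound to this session, compared in constant time.
        expected = self.csrf_tokens.get(sid)
        supplied = req["form"].get("csrf_token", "")
        if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
            return 403
        # 3. Re-authentication: a CSRF page does not know the victim's current password.
        current = pw_hash(req["form"].get("current_password", ""))
        if not hmac.compare_digest(self.users[user].encode(), current.encode()):
            return 403
        self.users[user] = pw_hash(req["form"]["new_password"])
        return 200


def forged_request(sid: str) -> dict:
    # What the victim's browser sends when attacker.example auto-submits a form to
    # the change-password endpoint: the victim's cookie rides along, nothing else does.
    return {"cookies": {"sid": sid},
            "headers": {"Origin": ATTACKER_ORIGIN},
            "form": {"new_password": "pwned-by-attacker"}}


def legitimate_request(sid: str, token: str) -> dict:
    # The site's own form: same origin, the rendered token, and the current password.
    return {"cookies": {"sid": sid},
            "headers": {"Origin": SITE_ORIGIN},
            "form": {"csrf_token": token, "current_password": "correct horse",
                     "new_password": "new strong passphrase"}}


def run_demo() -> dict:
    """Returns (status code, password-changed?) for each scenario on a fresh Site."""
    results = {}

    site = Site()
    status = site.vulnerable_change_password(forged_request("sid-1"))
    results["vulnerable_forged"] = (status, site.users["alice"] == pw_hash("pwned-by-attacker"))

    site = Site()
    site.issue_csrf_token("sid-1")
    status = site.hardened_change_password(forged_request("sid-1"))
    results["hardened_forged"] = (status, site.users["alice"] == pw_hash("pwned-by-attacker"))

    site = Site()
    site.issue_csrf_token("sid-1")
    status = site.hardened_change_password(legitimate_request("sid-1", "not-the-token"))
    results["hardened_bad_token"] = (status, site.users["alice"] == pw_hash("correct horse"))

    site = Site()
    token = site.issue_csrf_token("sid-1")
    status = site.hardened_change_password(legitimate_request("sid-1", token))
    results["hardened_legit"] = (status, site.users["alice"] == pw_hash("new strong passphrase"))
    return results


if __name__ == "__main__":
    for case, (status, changed) in run_demo().items():
        print(f"{case}: HTTP {status}, password changed = {changed}")
```

The Origin check alone is not sufficient (some clients omit the header), and the token alone does not stop an attacker who already has script execution in the victim's origin, which is the XSS case in the WSO2 entries; the current-password requirement is what still holds there, which is why mature password-change endpoints use all three.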
Unspecified Vulnerability in Mattermost Server (CNVD-2020-35459)
Mattermost Server is an open-source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.2.0, which stems from the program incorrectly handling brute-force attacks. An attacker could exploit the vulnerability to...
CVE-2020-1703
The CVE-2020-1703 entry is rejected and does not represent an active vulnerability.
A vulnerability in the Red Hat IPA domain controller, caused by the lack of automatic termination of all sessions after a password change, allows attackers to compromise the confidentiality and integrity of the protected information.
A vulnerability in the Red Hat IPA domain controller is related to the absence of automatic termination of all sessions after the password is changed. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
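The two Red Hat IPA entries above describe sessions that survive a password change, and the WSO2 entries describe a stolen cookie being used to take over an account. The added example below is not code from Red Hat IPA or WSO2; it shows one way to get the missing behaviour: a server-side session store that records the credential generation each session was issued under, so every session that predates a password change is refused even if a copy of the cookie was exfiltrated and even if it sits in a cache the change did not touch. The user names and the stolen-cookie scenario are constructed.

```python
import secrets
from typing import Optional


class SessionStore:
    """Server-side sessions that remember the password generation they were issued under."""

    def __init__(self):
        self.pw_generation = {"alice": 0, "bob": 0}   # per-user counter, bumped on every password change
        self.sessions = {}                            # session id -> (user, generation at issue time)

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, self.pw_generation[user])
        return sid

    def change_password(self, user: str) -> str:
        """Record the new credential generation and return a fresh session for the caller.

        Every other session of this user is now stale, wherever a copy of its cookie
        lives. Checking the old password before reaching this point is a separate control.
        """
        self.pw_generation[user] += 1
        return self.login(user)

    def resolve(self, sid: str, enforce_generation: bool = True) -> Optional[str]:
        """Map a cookie value to a user, or None if the session is unknown or revoked.

        enforce_generation=False reproduces the weak behaviour the entries describe:
        any session that still exists is honoured, whether or not the password changed.
        """
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        user, issued_gen = entry
        if enforce_generation and issued_gen != self.pw_generation[user]:
            del self.sessions[sid]          # issued before the last password change: revoked
            return None
        return user


def run_demo() -> dict:
    """Stolen-cookie scenario (constructed): who each session resolves to after a password change."""
    results = {}

    # Weak behaviour: the exfiltrated cookie keeps working after the victim rotates the password.
    weak = SessionStore()
    stolen = weak.login("alice")          # copied out by an XSS payload reading the cookie
    weak.change_password("alice")
    results["weak_stolen_after_change"] = weak.resolve(stolen, enforce_generation=False)

    # Fixed behaviour: the same cookie is refused, the caller's new session works,
    # and an unrelated user's session is untouched.
    fixed = SessionStore()
    stolen = fixed.login("alice")
    bob = fixed.login("bob")
    fresh = fixed.change_password("alice")
    results["fixed_stolen_after_change"] = fixed.resolve(stolen)
    results["fixed_stolen_retry"] = fixed.resolve(stolen)      # stays revoked once evicted
    results["fixed_fresh_session"] = fixed.resolve(fresh)
    results["fixed_other_user_unaffected"] = fixed.resolve(bob)
    return results


if __name__ == "__main__":
    for case, user in run_demo().items():
        print(f"{case}: resolves to {user!r}")
```

The generation counter is the part worth keeping when the session store is distributed: deleting sessions eagerly misses replicas and caches, whereas a per-user counter checked on every lookup revokes them all at once and costs one integer per user.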