397 matches found
MGASA-2019-0237 Updated webmin packages fix security vulnerability
Updated webmin package fixes security vulnerability: Webmin before 1.930 allows remote exploits if the option to change expired passwords is enabled (CVE-2019-15107). Note that it is only vulnerable if changing of expired passwords is enabled, which is not the case by default...
Adive Framework 2.0.7 - Cross-Site Request Forgery
Adive Framework 2.0.7 - Cross-Site Request Forgery Exploit Title: Adive Framework 2.0.7 – Cross-Site Request Forgery (CSRF) Date: 02/08/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://adive.es Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.7 Tested on: Window...
CVE-2016-10859
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65)...
CVE-2016-10859
CVE-2016-10859 affects cPanel before 11.54.0.0. The issue allows unauthorized password changes through Webmail API commands (SEC-65). Root cause details are not expanded beyond the description in the provided documents. Exploitation status and concrete remediation steps are not specified in the c...
CVE-2018-20862
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366)...
Moxa OnCell G3100-HSPA Security Bypass Vulnerability
Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa, Taiwan, China. A security vulnerability exists in Moxa OnCell G3100-HSPA 1.4 Build 16062919 and earlier versions. The vulnerability can be exploited by an attacker to bypass authentication and access the web...
CVE-2017-14728
An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public...
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Exploit Title: HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download...
CVE-2018-15901
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators...
Intex N150 Device Cross-Site Request Forgery Vulnerability
Intex N150 is a wireless router product from Intex Technologies, India. A cross-site request forgery vulnerability exists in the router firmware in Intex N150 devices. A remote attacker can exploit this vulnerability to change user passwords and router settings...
UBUNTU-CVE-2017-0921
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised...
Microsoft Windows: Disable machine account password changes
This test checks the setting for policy OpenVAS Vulnerability Test $Id: windomainmachineaccountpasswdchanges.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Domain member: Disable machine account password changes Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH...
Tenable Nessus Session Fixation Vulnerability
Tenable Network Security Nessus is an open source vulnerability scanner from Tenable Network Security, USA. A session fixation vulnerability exists in Tenable Network Security Nessus versions prior to 7.1.0. An attacker could exploit this vulnerability to gain access to the system even after a us...
Fastweb FASTGate 0.00.47 - Cross-site Request Forgery
Exploit for hardware platform in category web applications Exploit Title: Fastweb FASTgate 0.00.47 CSRF Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Fastweb Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/ Version: 0.00.4...
Fastweb FASTGate 0.00.47 Cross Site Request Forgery
Exploit Title: Fastweb FASTgate 0.00.47 CSRF Date: 09-05-2018 Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Fastweb Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/ Version: 0.00.47 CVE: CVE-2018-6023 I DESCRIPTION...
CVE-2017-18042
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability...
CVE-2017-5254
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism...
Multiple Vulnerabilities in the EnjoyShop App
Enjoy a purchase app is an online shopping application. It has vulnerabilities involving arbitrary user password change, arbitrary account login, arbitrary user payment password reset, and its payment design. An attacker can reset any user, log in to any account, reset any payment...