On Wine App Has Logic Flaws
On Wine APP is a wine appraisal platform. There is a logic vulnerability in On Wine APP, which can be exploited by an attacker to arbitrarily register users, arbitrarily log in users, and arbitrarily change passwords...
Search Easy Borrowing App Has an Arbitrary Password Reset Vulnerability
Search Easy Borrow APP is a smart loan search information service platform. There is an arbitrary password reset vulnerability in SearchEaseLendAPP, which allows an attacker to change account passwords across the whole website in bulk by combining it with username enumeration...
Today is System Administrator Appreciation Day
And we are enormously grateful. What started off as a tongue-in-cheek offshoot of Administrative Professionals Day has now become a special holiday that people around the world recognize and practice. Dear reader, today is System Administrator Appreciation Day. Let’s be honest, maintaining the...
CVE-2017-9415
Cross-site request forgery (CSRF) vulnerability in Subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view...
CVE-2017-6530
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgwv1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change...
Design/Logic Flaw
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation...
UBUNTU-CVE-2017-8879
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation...
CVE-2017-8879
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation...
Default credentials
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application...
Unauthorized Change Of Password
loopback is vulnerable to unauthorized password changes. The vulnerability exists because loopback accepts a change of user password without requiring the user to confirm their old password, leading to an account takeover. The attack is possible as long as an attacker can perform some form of social...
PT-2018-5044 · Red Hat +1 · Ansible +1
Name of the Vulnerable Software and Affected Versions: Ansible versions prior to 2.2.1.0. Description: An input validation issue was discovered in the mysql user module, potentially causing password changes to fail under certain conditions, resulting in the previous password remaining active...
PT-2017-17049 · D Link · D-Link Dsl-2730B
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2730U C1 IN 1.00. Description: The issue allows remote attackers to perform unauthorized actions, including changing the DNS or firewall configuration, or modifying any password, due to a Cross-Site Request Forgery (CSRF) weakness...
DEBIAN-CVE-2016-10206
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact, as demonstrated by a crafted user action request to index.php...
BINOM3 Electric Power Quality Meter Hard-Coded Vulnerability
BINOM3 Electric Power Quality Meter is an electrical power quality monitor for SCADA systems from the Russian company BINOM3. A hard-coded vulnerability exists in BINOM3 Electric Power Quality Meter, where users do not have permission to change their passwords...
Design/Logic Flaw
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12...
CVE-2017-3795
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12...
CVE-2017-3795
CVE-2017-3795 affects Cisco WebEx Meetings Server; authenticated, remote attackers could perform arbitrary password changes for non-administrative users due to insufficient parameter security. Affected release: 2.6; fixed in 2.7.1.12. Cisco advisory cisco-sa-20170118-wms1 documents the issue and ...
CVE-2016-5997
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.51089.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.52249.0.2A FP3 does not apply password-quality rules to password...