397 matches found
CVE-2016-4066
Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors...
Multiple Vulnerabilities in the Goo Goo Mini Printer System of Yingchuan Technology Co.
Ltd. is a high-tech enterprise in Xiamen City, a consumer electronics manufacturer held by Wanlida Nanjing Technology Co. The system of Gu Gu Mini Printer of Yingchun Technology has unauthorized access, arbitrary user information access, arbitrary user password change and SQL injection...
CVE-2016-0049
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key...
Debian DLA-408-1 : gosa security update
GOsa is a combination of system-administrator and end-user web interface, designed to handle LDAP based setups. GOsa upstream reported a code injection vulnerability in the Samba plugin code of GOsa. During Samba password changes it has been possible to inject malicious Perl code. This upload to...
[SECURITY] [DLA 408-1] gosa security update
Package: gosa; Version: 2.6.11-3+squeeze5; CVE ID: CVE-2015-8771. GOsa is a combination of system-administrator and end-user web interface, designed to handle LDAP based setups. GOsa upstream reported a code injection vulnerability in the Samba plugin code of GOsa. During Samba password changes i...
DLA-408-1 gosa - security update
Bulletin has no description...
The vulnerability of the Lepide Active Directory Self Service tool, which allows a malicious individual to change the passwords of arbitrary users
The vulnerability of the Lepide Active Directory Self Service tool is related to errors in the implementation of the password reset function. Exploiting this vulnerability could allow an attacker to change the passwords of arbitrary users through a specially created request...
SOL37250780 - TMOS vulnerability: Password changes for local users may not be preserved unless the configuration is explicitly saved
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SUSE: Security Advisory for Samba (SUSE-SU-2014:0497-1)
The remote host is missing an update for the...
CVE-2015-6827
Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) change the password via a crafted request...
CVE-2014-9019
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity...
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass
No description provided by source. Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Zhejiang Dahua Technology Co., Ltd. http://www.dahuasecurity.com --Affects-- Dahua web-enabl...
samba: Password lockout not enforced for SAMR password changes
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts...
Updated samba packages fix security vulnerability
In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...
FreeBSD : samba -- multiple vulnerabilities (03e48bf5-a96d-11e3-a556-3c970e169bc2)
Samba project reports: In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...
PYSEC-2014-62
mailpassword.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality...