397 matches found

Cvelist
added 2014/03/11 3:0 p.m., 21 views

CVE-2013-4198

mailpassword.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality...

6.4 AI score, 0.01107 EPSS
Exploits 0, References 4
FreeBSD
added 2014/03/11 12:0 a.m., 52 views

samba -- multiple vulnerabilities

Samba project reports: In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...

5.8 CVSS, 8.3 AI score, 0.10557 EPSS
Exploits 1, References 2
Tenable Nessus
added 2014/02/27 12:0 a.m., 25 views

Blue Coat ProxySG Local User Modification Race Condition

The remote Blue Coat ProxySG device's SGOS self-reported version is prior to 6.5.4.0. It is, therefore, potentially affected by a race condition issue during the time before the new changes take effect after a local user account modification due to configuration caching. User account modification...

7.9 CVSS, 5.5 AI score, 0.01053 EPSS
Exploits 1, References 2
OSV
added 2013/11/18 2:55 a.m., 3 views

UBUNTU-CVE-2013-2032

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks...

5 CVSS, 5.8 AI score, 0.0251 EPSS
Exploits 0, References 3
Exploit DB
added 2013/11/18 12:0 a.m., 379 views

Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass (Metasploit)

Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Zhejiang Dahua Technology Co., Ltd. http://www.dahuasecurity.com --Affects-- Dahua web-enabled DVRs Dahua-rebranded web-enabled...

10 CVSS, 7 AI score, 0.70713 EPSS
Exploits 6
Debian CVE
added 2013/11/15 6:16 p.m., 31 views

CVE-2013-2032

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks...

5 CVSS, 7.5 AI score, 0.0251 EPSS
Exploits 0
NVD
added 2013/10/28 3:42 a.m., 13 views

CVE-2013-6018

Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password...

6.8 CVSS, 7.2 AI score, 0.00619 EPSS
Exploits 0, References 1
NVD
added 2013/08/28 1:9 p.m., 18 views

CVE-2013-3583

Cross-site request forgery (CSRF) vulnerability in saveProperties.html in Corporater EPM Suite allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords...

6.8 CVSS, 7.2 AI score, 0.00619 EPSS
Exploits 0, References 1
Tenable Nessus
added 2013/05/19 12:0 a.m., 32 views

Fedora 18 : mediawiki-1.19.6-1.fc18 (2013-7714)

Changes since 1.19.5 - bug 47304 SECURITY: Check SVG xml encoding against whitelist - bug 46590 Added AbortChangePassword hook to allow extensions to abort password changes from Special:ChangePassword - Localisation updates from http://translatewiki.net. - mwdocgen.php: Implement --version option...

5 CVSS, 5.3 AI score, 0.0251 EPSS
Exploits 0, References 5
Prion
added 2012/09/28 10:40 a.m., 17 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save...

6.8 CVSS, 7.7 AI score, 0.0147 EPSS
Exploits 4, References 3, Affected Software 1
OpenVAS
added 2012/08/09 12:0 a.m., 27 views

CentOS Update for openldap CESA-2012:1151 centos6

The remote host is missing an update for the...

4.3 CVSS, 5.5 AI score, 0.04114 EPSS
Exploits 0, References 2
OpenVAS
added 2012/07/30 12:0 a.m., 24 views

CentOS Update for 389-ds-base CESA-2012:0997 centos6

The remote host is missing an update for the...

2.1 CVSS, 5.2 AI score, 0.01329 EPSS
Exploits 0, References 2
CERT
added 2012/07/24 12:0 a.m., 37 views

Symantec Web Gateway contains multiple vulnerabilities

Overview The Symantec Web Gateway management console is vulnerable to remote command execution, local file inclusion, arbitrary password changes, and SQL injection. Description The Symantec SYM12-011 advisory states:"Symantec's Web Gateway management console is susceptible to multiple security...

7.5 AI score
Exploits 0, References 1
NVD
added 2012/07/16 10:28 a.m., 16 views

CVE-2011-4287

admin/uploaduserform.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user...

6.8 CVSS, 6.7 AI score, 0.02066 EPSS
Exploits 0, References 3
Prion
added 2012/07/16 10:28 a.m., 13 views

Default credentials

admin/uploaduserform.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user...

6.8 CVSS, 7.2 AI score, 0.02066 EPSS
Exploits 0, References 3, Affected Software 1
OpenVAS
added 2012/06/22 12:0 a.m., 31 views

RedHat Update for 389-ds-base RHSA-2012:0997-01

The remote host is missing an update for the...

2.1 CVSS, 6.5 AI score, 0.01329 EPSS
Exploits 0, References 2
0day.today
added 2012/02/21 12:0 a.m., 33 views

Sagem F@ST 2604 CSRF Vulnerability (ADSL Router)

Exploit for hardware platform in category web applications. Exploit Title:...

7.1 AI score
Exploits 0
ThreatPost
added 2012/01/23 3:53 p.m., 11 views

DreamHost Warns of Attack, Forces Customer Password Changes

Attackers were able to compromise a database at DreamHost, a large hosting provider, late last week and the company is forcing all of its customers to change their passwords for their FTP and shell accounts as a precautionary measure. DreamHost did not provide many details about what happened in...

1.3 AI score
Exploits 0, References 1
myhack58
added 2011/12/18 12:0 a.m., 11 views

Sina microblogging certified design flaws and fixes

Brief description: A design flaw in Sina Weibo means that someone who knows the original account password can, even after the password has been changed, still obtain permission to publish posts, follow users and perform similar operations; see http://www.80sec.com/session-hijackin.html Describe: Sina microblogging authentication on t...

0.3 AI score
Exploits 0
Tenable Nessus
added 2011/05/06 12:0 a.m., 17 views

Fedora 14 : sssd-1.5.7-1.fc14 (2011-5815)

Fri Apr 29 2011 Stephen Gallagher - 1.5.7-1 - Resolves: rhbz700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predictable filename - Wed Apr 20 2011 Stephen Gallagher - 1.5.6.1-1 - Re-add manpage translations - Wed Apr 20 2011 Stephen Gallagher - 1.5.6-1 - New...

3.7 CVSS, 5.4 AI score, 0.00338 EPSS
Exploits 0, References 5