Lucene search
K

397 matches found

NVD
NVD
added 2011/04/21 10:55 a.m.21 views

CVE-2008-7289

IBM Tivoli Directory Server TDS 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to cause a denial of service DB2 daemon deadlock by making password changes that trigger updates to a D...

4CVSS6.3AI score0.00883EPSS
Exploits0References2
Prion
Prion
added 2010/05/28 8:30 p.m.13 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via 1 apsetup.php, 2 psetup.php, 3 sslpsetup.php, or 4 mqsetup.php...

3.5CVSS7.8AI score0.00693EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2010/02/25 8:30 p.m.18 views

CVE-2010-0709

Multiple cross-site request forgery CSRF vulnerabilities in Limny 2.0 allow remote attackers to 1 hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and 2 hijack the authentication of the administrator for...

6.8CVSS7.4AI score0.01228EPSS
Exploits1References6
Prion
Prion
added 2010/02/15 6:30 p.m.16 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely...

6.8CVSS7.5AI score0.00571EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2009/05/20 7:30 p.m.8 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that 1 change the password, 2 add users, or 3 delete users via unknown vectors...

6.8CVSS7.6AI score0.00581EPSS
Exploits0References4Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/09/02 7:58 a.m.2 views

La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery

Overview La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery...

6CVSS6.7AI score0.00559EPSS
Exploits0References11
Prion
Prion
added 2008/08/27 8:41 p.m.10 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in 1 System Consultants La!Cooda WIZ 1.4.0 and earlier and 2 SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that a change passwords or b change configurations...

6CVSS7.9AI score0.00559EPSS
Exploits0References6Affected Software2
Packet Storm
Packet Storm
added 2007/12/28 12:0 a.m.18 views

zyxel-xssxsrf.txt

ZyXEL P-330W “Secure Wireless Internet Sharing Router” is vulnerable to multiple XSS and XSRF attacks. There are a plethora of XSS vulns in the web-based management interface so I'll leave it to you to discover these gifts on your own. Here is a starting point: http://:/ping.asp?pingstr=”alert"M...

7.4AI score
Exploits0
OSV
OSV
added 2007/11/05 7:46 p.m.2 views

DEBIAN-CVE-2007-5828

Cross-site request forgery CSRF vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CS...

6.8CVSS7.2AI score0.00749EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2007/11/05 12:0 a.m.5 views

PT-2007-6792 · Django · Django

Name of the Vulnerable Software and Affected Versions: Django version 0.96 Description: A cross-site request forgery CSRF issue exists in the admin panel, allowing remote attackers to change passwords of arbitrary users via a request to "admin/auth/user/1/password/". This issue is disputed by...

6.8CVSS7.3AI score0.00749EPSS
Exploits0References8
Prion
Prion
added 2007/07/10 12:30 a.m.19 views

Default credentials

changePW.php in AV Tutorial Script avtutorial 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter...

6.4CVSS7.3AI score0.0233EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2007/07/10 12:30 a.m.14 views

CVE-2007-3630

changePW.php in AV Tutorial Script avtutorial 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter...

6.4CVSS7AI score0.0233EPSS
Exploits0References5
Cvelist
Cvelist
added 2007/07/10 12:0 a.m.21 views

CVE-2007-3630

changePW.php in AV Tutorial Script avtutorial 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter...

7AI score0.0233EPSS
Exploits0References5
CVE
CVE
added 2007/05/02 11:0 p.m.56 views

CVE-2007-2476

CVE-2007-2476 is associated with Novell SecureLogin (NSL) versions prior to 6.0.106 (NSL 6 SP1 and earlier). The connected Nessus data confirms multiple issues, including a vulnerability that could grant users excessive permissions to their own AD attributes and an additional security issue relat...

10CVSS6.8AI score0.02347EPSS
Exploits0References6Affected Software1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.14 views

Samba Web Administration Tool SWAT Detection (HTTP)

HTTP based detection of the Samba Web Administration Tool SWAT. SPDX-FileCopyrightText: 2005 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2003/03/13 12:0 a.m.40 views

VPOPMail Account Administration (squirrel mail) version 0.9.7

Plugin info: http://www.squirrelmail.org/pluginview.php?id=103 Description: VPOPMail Account Administration The plugin lets the user do the tasks he would be able using qmailadmin change password let mails forward create away messages Notes from the README: IMPORTANT For the plugin to work...

7.3AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.25 views

Existing sessions are not correctly invalidated when a user changes their password

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...

9.8CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Rows per page
Query Builder