397 matches found
CVE-2008-7289
IBM Tivoli Directory Server TDS 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to cause a denial of service DB2 daemon deadlock by making password changes that trigger updates to a D...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via 1 apsetup.php, 2 psetup.php, 3 sslpsetup.php, or 4 mqsetup.php...
CVE-2010-0709
Multiple cross-site request forgery CSRF vulnerabilities in Limny 2.0 allow remote attackers to 1 hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and 2 hijack the authentication of the administrator for...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that 1 change the password, 2 add users, or 3 delete users via unknown vectors...
La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery
Overview La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in 1 System Consultants La!Cooda WIZ 1.4.0 and earlier and 2 SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that a change passwords or b change configurations...
zyxel-xssxsrf.txt
ZyXEL P-330W “Secure Wireless Internet Sharing Router” is vulnerable to multiple XSS and XSRF attacks. There are a plethora of XSS vulns in the web-based management interface so I'll leave it to you to discover these gifts on your own. Here is a starting point: http://:/ping.asp?pingstr=”alert"M...
DEBIAN-CVE-2007-5828
Cross-site request forgery CSRF vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CS...
PT-2007-6792 · Django · Django
Name of the Vulnerable Software and Affected Versions: Django version 0.96 Description: A cross-site request forgery CSRF issue exists in the admin panel, allowing remote attackers to change passwords of arbitrary users via a request to "admin/auth/user/1/password/". This issue is disputed by...
Default credentials
changePW.php in AV Tutorial Script avtutorial 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter...
CVE-2007-3630
changePW.php in AV Tutorial Script avtutorial 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter...
CVE-2007-3630
changePW.php in AV Tutorial Script avtutorial 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter...
CVE-2007-2476
CVE-2007-2476 is associated with Novell SecureLogin (NSL) versions prior to 6.0.106 (NSL 6 SP1 and earlier). The connected Nessus data confirms multiple issues, including a vulnerability that could grant users excessive permissions to their own AD attributes and an additional security issue relat...
Samba Web Administration Tool SWAT Detection (HTTP)
HTTP based detection of the Samba Web Administration Tool SWAT. SPDX-FileCopyrightText: 2005 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VPOPMail Account Administration (squirrel mail) version 0.9.7
Plugin info: http://www.squirrelmail.org/pluginview.php?id=103 Description: VPOPMail Account Administration The plugin lets the user do the tasks he would be able using qmailadmin change password let mails forward create away messages Notes from the README: IMPORTANT For the plugin to work...
Existing sessions are not correctly invalidated when a user changes their password
More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...