270 matches found
CVE-2025-26010
Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword...
CVE-2025-26010
Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword...
CVE-2025-26010
Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword...
CVE-2025-26010
Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword...
CVE-2025-26010
CVE-2025-26010 affects Telesquare TLR-2005KSH (firmware 1.1.4). The vulnerability stems from a flaw in handling the admin.cgi parameter setUserNamePassword, allowing unauthorized password modification. CVSS 3.1 metrics show network access, low attack complexity, no privileges required, and user i...
Medium: 389-ds-base
Issue Overview: A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input. CVE-2024-2199 A flaw was found in 389-ds-base. A specially-crafted LDAP query can...
OESA-2025-1147 three-eight-nine-ds-base security update
389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server...
D-Link Routers Incorrect Use Of Privileged APIs (CVE-2024-11068)
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any userâs password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that userâs account. Note that Nessus has not tested f...
D-Link DSL6740C Incorrect Use of Privileged API Vulnerability
The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. A security vulnerability exists in the D-Link DSL6740C, which can be exploited by an attacker to modify arbitrary user passwords and later log in to Web, SSH, and Telnet services via certain APIs...
CVE-2024-11068
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account...
CVE-2024-11068 D-Link DSL6740C - Incorrect Use of Privileged APIs
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account...
CVE-2024-46610
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...
CVE-2024-46610
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...
CVE-2024-6672
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password...
PT-2024-37789 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.0 Description: A SQL Injection issue allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. This can be exploited by altering a privileg...
389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...
PT-2024-22548 · Unit4 · Unit4 Financials
Name of the Vulnerable Software and Affected Versions: Unit4 Financials by Coda versions prior to 2023Q4 Description: The issue is related to an incorrect access control authorization bypass, allowing an authenticated user to modify the password of any user of the application via a crafted reques...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...