Lucene search
K

270 matches found

RedhatCVE
RedhatCVE
added 2025/03/28 1:23 a.m.12 views

CVE-2025-26010

Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword...

9.8CVSS7.1AI score0.00378EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 8:15 p.m.20 views

CVE-2025-26010

Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword...

9.8CVSS0.00378EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 12:0 a.m.13 views

CVE-2025-26010

Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword...

0.00378EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 12:0 a.m.8 views

CVE-2025-26010

Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword...

9.6AI score0.00378EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 12:0 a.m.64 views

CVE-2025-26010

CVE-2025-26010 affects Telesquare TLR-2005KSH (firmware 1.1.4). The vulnerability stems from a flaw in handling the admin.cgi parameter setUserNamePassword, allowing unauthorized password modification. CVSS 3.1 metrics show network access, low attack complexity, no privileges required, and user i...

9.8CVSS7.3AI score0.00378EPSS
Exploits0References1Affected Software1
Amazon
Amazon
added 2025/03/25 12:0 a.m.5 views

Medium: 389-ds-base

Issue Overview: A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input. CVE-2024-2199 A flaw was found in 389-ds-base. A specially-crafted LDAP query can...

7.5CVSS6.6AI score0.01256EPSS
Exploits0
OSV
OSV
added 2025/02/21 1:35 p.m.3 views

OESA-2025-1147 three-eight-nine-ds-base security update

389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server...

5.7CVSS6.9AI score0.00423EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/21 12:0 a.m.14 views

D-Link Routers Incorrect Use Of Privileged APIs (CVE-2024-11068)

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. Note that Nessus has not tested f...

9.8CVSS5.5AI score0.01174EPSS
Exploits0References2
CNVD
CNVD
added 2024/11/15 12:0 a.m.10 views

D-Link DSL6740C Incorrect Use of Privileged API Vulnerability

The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. A security vulnerability exists in the D-Link DSL6740C, which can be exploited by an attacker to modify arbitrary user passwords and later log in to Web, SSH, and Telnet services via certain APIs...

9.8CVSS6.8AI score0.01174EPSS
Exploits0References1
NVD
NVD
added 2024/11/11 8:15 a.m.24 views

CVE-2024-11068

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account...

9.8CVSS0.01174EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/11 8:5 a.m.38 views

CVE-2024-11068 D-Link DSL6740C - Incorrect Use of Privileged APIs

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account...

9.8CVSS0.01174EPSS
Exploits0References2
OSV
OSV
added 2024/09/25 1:15 a.m.2 views

CVE-2024-46610

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...

7.5CVSS5.8AI score0.00442EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.2 views

CVE-2024-46610

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...

5.4AI score0.00442EPSS
Exploits1References2
NVD
NVD
added 2024/08/29 10:15 p.m.26 views

CVE-2024-6672

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password...

8.8CVSS0.00714EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.20 views

PT-2024-37789 · Ipswitch · Whatsup Gold

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.0 Description: A SQL Injection issue allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. This can be exploited by altering a privileg...

8.8CVSS8.7AI score0.00714EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2024/07/18 3:21 p.m.3 views

389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...

5.7CVSS5.7AI score0.00565EPSS
Exploits0References5
OSV
OSV
added 2024/03/20 3:15 p.m.10 views

CVE-2024-28735

Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...

8.1CVSS5.8AI score0.0073EPSS
Exploits2References5
NVD
NVD
added 2024/03/20 3:15 p.m.12 views

CVE-2024-28735

Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...

8.1CVSS6.4AI score0.0073EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.8 views

PT-2024-22548 · Unit4 · Unit4 Financials

Name of the Vulnerable Software and Affected Versions: Unit4 Financials by Coda versions prior to 2023Q4 Description: The issue is related to an incorrect access control authorization bypass, allowing an authenticated user to modify the password of any user of the application via a crafted reques...

8.1CVSS6.3AI score0.0073EPSS
Exploits2References8
Cvelist
Cvelist
added 2024/03/20 12:0 a.m.17 views

CVE-2024-28735

Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...

6.6AI score0.0073EPSS
Exploits2References3
Rows per page
Query Builder