284 matches found
lumasoft fotoShare Cloud 安全漏洞
Lumasoft FotoShare Cloud is a cloud-based gallery service from Lumasoft. A security vulnerability exists in lumasoft fotoShare Cloud version 2025-03-13, which stems from improper client-side password validation and could lead to unauthorized access...
CVE-2025-54336
In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...
CVE-2025-54336
CVE-2025-54336 (Plesk Obsidian 18.0.70) is a vulnerability where _isAdminPasswordValid uses a weak == comparison in admin/plib/LoginManager.php, enabling authentication bypass if the correct password has the form "0e" followed by digits. This can let an attacker log in with strings evaluating to ...
Plesk Obsidian 安全漏洞
Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability exists in Plesk Obsidian version 18.0.70, which stems from the use of the == comparison by isAdminPasswordValid and could lead to bypassing authentication...
CVE-2025-54336
In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...
CVE-2023-22451
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...
CVE-2023-41972
In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later...
CVE-2023-1524
The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...
CVE-2023-21252
In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-43394
Unisys OS 2200 Messaging Integration Services NTSI 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated...
CVE-2020-20402
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation...
CVE-2012-2368
Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password...
ABB ANC 安全漏洞
ABB ANC ABB Adaptive Noise Cancellation is an industrial-grade adaptive noise cancellation system from ABB Switzerland for real-time cancellation of noise in specific frequency bands generated by equipment such as motors/transformers. A security vulnerability exists in ABB ANC version 1.1.4 and...
CVE-2025-30361 WeGIA Vulnerable to Broken Authentication - Old Password Validation
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...
CVE-2025-22228
BCryptPasswordEncoder.matchesCharSequence,String will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same...
CVE-2024-12876
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible fo...
CVE-2021-40409
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. Th...
CVE-2024-12402
The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password...
CVE-2024-11768
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download...
CVE-2024-11768
CVE-2024-11768 affects the WordPress Download Manager plugin and arises from improper password validation in the checkFilePassword function, impacting all versions up to 3.3.03. An unauthenticated attacker can download password-protected files due to this flaw. The vulnerability is specific to th...