CVE-2023-49032

An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone...

CVE-2018-12421

LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...

CVE-2019-11652

A potential authorization bypass issue was found in Micro Focus Self Service Password Reset SSPR versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset SSPR SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate...

CVE-2023-53958

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...

CVE-2023-53958

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...

CVE-2023-53958 LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...

CVE-2023-53958

LDAP Tool Box Self Service Password 1.5.2 is affected by a vulnerability in its password reset flow: attackers can manipulate the HTTP Host header during token generation, causing tokens to be sent to a attacker-controlled server and enabling potential account takeover by using stolen reset token...

EUVD-2025-204597

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...

PT-2025-52528

Name of the Vulnerable Software and Affected Versions LDAP Tool Box Self Service Password version 1.5.2 Description The software contains a password reset issue where attackers can manipulate HTTP Host headers during token generation. This allows crafting malicious password reset requests that...

EUVD-2019-3322

Malware in sbrugna...

EUVD-2010-4474

Malware in sbrugna...

EUVD-2020-4190

Malware in sbrugna...

EUVD-2019-3317

Malware in sbrugna...

EUVD-2020-18470

Malware in sbrugna...

EUVD-2023-53056

Malicious code in bioql PyPI...

CVE-2020-25837

Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset SSPR product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information...

CVE-2019-11674

Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack...

CVE-2020-11850

Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting XSS. This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6...

CVE-2020-11850

Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting XSS. This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6...

CVE-2020-11850 Cross site scripting vulnerability in Self Service Password Reset

Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting XSS. This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6...