292 matches found
CVE-2023-53969
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...
CVE-2023-53968
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...
CVE-2023-53969 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Password Change
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...
CVE-2023-53967 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Admin Password Change
Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password...
CVE-2023-53967
Affected product: Screen SFT DAB 600/C firmware 1.9.3. Vulnerability: authentication bypass via POST to userManager.cgx that allows changing the admin password using a crafted MD5-hashed password. Impact: potential unauthorized admin access; confidentiality at risk. Root cause: improper authentic...
PT-2025-52705
Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description Screen SFT DAB 600/C Firmware version 1.9.3 contains a session management issue that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reus...
PT-2025-52706
Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description The software contains a session management issue that allows attackers to bypass authentication controls. This is achieved by exploiting improper IP address session binding. Attackers can reuse th...
PT-2025-52704
Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description The Screen SFT DAB 600/C firmware contains a flaw that permits unauthorized modification of the administrator password without current credentials. An attacker can exploit this by sending a...
CVE-2025-13320
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...
WordPress WP User Manager plugin <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability
Authenticated Subscriber+ Arbitrary File Deletion via 'currentuseravatar' Parameter vulnerability discovered by YCInfosec in WordPress Plugin WP User Manager versions = 2.9.12...
CVE-2025-13320
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...
EUVD-2025-202983
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...
CVE-2025-13320
CVE-2025-13320 : WP User Manager for WordPress is vulnerable to Authenticated Arbitrary File Deletion via the current_user_avatar parameter in profile updates. The issue arises from insufficient validation of user-supplied file paths and improper handling of array inputs in PHP, enabling attacker...
WordPress plugin WP User Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2023-60186
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...
CVE-2023-53775 Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials...
CVE-2023-53775
Screen SFT DAB 1.9.3 contains an authentication bypass due to weak session management, enabling reuse of IP-bound session identifiers to issue unauthorized requests to the userManager API and change user credentials. Concrete details from PT-2025-50526: affected version 1.9.3; attack involves byp...
CVE-2023-53740 Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...
DB Elettronica Screen SFT DAB 安全漏洞
DB Elettronica Screen SFT DAB is a series of digital audio broadcast transmitters from DB Elettronica, Italy. A security vulnerability exists in DB Elettronica Screen SFT DAB version 1.9.3, which originates from an authentication bypass in the userManager.cgx endpoint, which could lead to passwor...
PT-2025-50526
Name of the Vulnerable Software and Affected Versions Screen SFT DAB version 1.9.3 Description Screen SFT DAB 1.9.3 has a flaw in its authentication process, allowing unauthorized modification of user passwords. This is due to weak session management controls, specifically the reuse of IP-bound...