Lucene search
K

292 matches found

OSV
OSV
added 2025/12/22 10:16 p.m.4 views

CVE-2023-53969

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...

9.3CVSS5.8AI score0.00456EPSS
Exploits2References5
OSV
OSV
added 2025/12/22 10:16 p.m.6 views

CVE-2023-53968

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...

9.3CVSS5.8AI score0.00555EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2025/12/22 9:35 p.m.6 views

CVE-2023-53969 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Password Change

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...

9.3CVSS6.7AI score0.00456EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/12/22 9:35 p.m.26 views

CVE-2023-53967 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Admin Password Change

Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password...

9.3CVSS0.00456EPSS
Exploits2References5
CVE
CVE
added 2025/12/22 9:35 p.m.12 views

CVE-2023-53967

Affected product: Screen SFT DAB 600/C firmware 1.9.3. Vulnerability: authentication bypass via POST to userManager.cgx that allows changing the admin password using a crafted MD5-hashed password. Impact: potential unauthorized admin access; confidentiality at risk. Root cause: improper authentic...

9.3CVSS6.8AI score0.00456EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.8 views

PT-2025-52705

Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description Screen SFT DAB 600/C Firmware version 1.9.3 contains a session management issue that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reus...

9.8CVSS6.6AI score0.00555EPSS
Exploits2References11
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.5 views

PT-2025-52706

Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description The software contains a session management issue that allows attackers to bypass authentication controls. This is achieved by exploiting improper IP address session binding. Attackers can reuse th...

9.3CVSS6.8AI score0.00456EPSS
Exploits2References9
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.6 views

PT-2025-52704

Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description The Screen SFT DAB 600/C firmware contains a flaw that permits unauthorized modification of the administrator password without current credentials. An attacker can exploit this by sending a...

9.3CVSS6.8AI score0.00456EPSS
Exploits2References10
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.5 views

CVE-2025-13320

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...

6.8CVSS7.3AI score0.00687EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/12 7:43 a.m.7 views

WordPress WP User Manager plugin <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via 'currentuseravatar' Parameter vulnerability discovered by YCInfosec in WordPress Plugin WP User Manager versions = 2.9.12...

6.8CVSS6.8AI score0.00687EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/12/12 4:15 a.m.4 views

CVE-2025-13320

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...

6.8CVSS0.00687EPSS
Exploits0References8
EUVD
EUVD
added 2025/12/12 3:20 a.m.5 views

EUVD-2025-202983

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...

6.8CVSS6.8AI score0.00687EPSS
Exploits0References8
CVE
CVE
added 2025/12/12 3:20 a.m.19 views

CVE-2025-13320

CVE-2025-13320 : WP User Manager for WordPress is vulnerable to Authenticated Arbitrary File Deletion via the current_user_avatar parameter in profile updates. The issue arises from insufficient validation of user-supplied file paths and improper handling of array inputs in PHP, enabling attacker...

6.8CVSS6.9AI score0.00687EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

WordPress plugin WP User Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.8CVSS6.5AI score0.00687EPSS
Exploits0References7
EUVD
EUVD
added 2025/12/10 9:31 p.m.5 views

EUVD-2023-60186

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...

8.6CVSS6.7AI score0.00845EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/12/10 9:8 p.m.19 views

CVE-2023-53775 Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials...

7.1CVSS0.00447EPSS
Exploits1References6
CVE
CVE
added 2025/12/10 9:8 p.m.15 views

CVE-2023-53775

Screen SFT DAB 1.9.3 contains an authentication bypass due to weak session management, enabling reuse of IP-bound session identifiers to issue unauthorized requests to the userManager API and change user credentials. Concrete details from PT-2025-50526: affected version 1.9.3; attack involves byp...

7.1CVSS6.7AI score0.00447EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/10 9:6 p.m.2 views

CVE-2023-53740 Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...

8.6CVSS6.8AI score0.00845EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.3 views

DB Elettronica Screen SFT DAB 安全漏洞

DB Elettronica Screen SFT DAB is a series of digital audio broadcast transmitters from DB Elettronica, Italy. A security vulnerability exists in DB Elettronica Screen SFT DAB version 1.9.3, which originates from an authentication bypass in the userManager.cgx endpoint, which could lead to passwor...

9.8CVSS7AI score0.00845EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.6 views

PT-2025-50526

Name of the Vulnerable Software and Affected Versions Screen SFT DAB version 1.9.3 Description Screen SFT DAB 1.9.3 has a flaw in its authentication process, allowing unauthorized modification of user passwords. This is due to weak session management controls, specifically the reuse of IP-bound...

7.1CVSS6.8AI score0.00447EPSS
Exploits1References10
Rows per page
Query Builder