10 matches found
CVE-2026-33297
WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...
GHSA-6547-8HRG-C55M AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php
Summary The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...
Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players
Over 87,000 MongoDB instances are at risk from a critical memory leak called MongoBleed. Following the chaos at Ubisoft, see how this zero-password flaw works and how to protect your data...
JLSEC-2025-217 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivat...
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtlspkcs12derivation function when an input password's length is 0...
CVE-2005-4775
Michael Scholz and Sebastian Stein Contineo 2.0, when the admin account lacks an e-mail address attribute, displays the password hash in a warning upon page reload, which might allow remote attackers to view the hash...
SUSE CVE-2022-48538
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...
DEBIAN-CVE-2022-48538
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...
CVE-2022-48538
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...
UBUNTU-CVE-2022-48538
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...
Cacti 跨站脚本漏洞
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data through snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti version 1.2.19,...