6 matches found
EUVD-2004-2767
Malware in sbrugna...
CVE-2022-43326
An Insecure Direct Object Reference IDOR vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4. allows attackers to arbitrarily change user and Administrator account passwords...
CVE-2022-44389
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information...
Default configuration
An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account...
CVE-2010-5084
The cross-site request forgery CSRF protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via...
[Full-Disclosure] PrimeBase SQL Database server cleartext password storage.
PrimeBase SQL Database server cleartext password storage. Vapid Labs Security Note 10/20/03 The PrimeBase SQL Database Server 4.2 stores passwords in clear text, and based on the installation users umask settings maybe readable by all local users. From the readme.txt file: "The Admin server will...