46 matches found

CVE
added 2024/07/25 12:0 a.m. | 49 views

CVE-2024-38287

The CVE-2024-38287 issue affects R-HUB TurboMeeting versions through 8.x, where the Forgot Password password-reset flow can be abused by unauthenticated remote attackers to reset the administrator password to an insecure 8-digit value. Root cause: insecure password-reset mechanism in the Forgot P...

9.8 CVSS | 7.5 AI score | 0.00544 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/07/25 12:0 a.m. | 16 views

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

0.00544 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2024/07/25 12:0 a.m. | 16 views

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

7.2 AI score | 0.00544 EPSS
Exploits: 0 | References: 2
CNVD
added 2023/08/07 12:0 a.m. | 45 views

ZKTeco BioTime Password Reset Vulnerability

ZKTeco BioTime is a powerful web-based time and attendance management software from ZKTeco, China. A password reset vulnerability exists in ZKTeco BioTime, which can be exploited by an attacker to arbitrarily reset the administrator's password via a crafted web request...

7.5 CVSS | 6.8 AI score | 0.00355 EPSS
Exploits: 0 | References: 1
Prion
added 2022/06/09 7:15 p.m. | 8 views

Cross site request forgery (csrf)

A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password...

4.3 CVSS | 6.6 AI score | 0.00544 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/06/09 6:52 p.m. | 17 views

CVE-2022-30898

A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password...

6.8 AI score | 0.00544 EPSS
Exploits: 1 | References: 1
Github Security Blog
added 2021/08/30 4:12 p.m. | 414 views

Unauthenticated SQL Injection in Cachet

Impact: In Cachet versions through 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. Patches: The original reposito...

8.1 CVSS | 7.6 AI score | 0.09752 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
NVD
added 2021/08/26 9:15 p.m. | 21 views

CVE-2021-39165

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

8.1 CVSS | 0.09752 EPSS
Exploits: 2 | References: 2
OSV
added 2021/08/26 9:15 p.m. | 27 views

CVE-2021-39165

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

6.5 CVSS | 6.8 AI score
Exploits: 0 | References: 2
Prion
added 2021/08/26 9:15 p.m. | 24 views

Sql injection

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

5 CVSS | 6.7 AI score | 0.09752 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
Tenable Nessus
added 2020/09/11 12:0 a.m. | 21 views

Palo Alto Networks PAN-OS 8.0.x / 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.3 Information Exposure

The version of Palo Alto Networks PAN-OS running on the remote host is 8.0.x, 8.1.x prior to 8.1.16, 9.0.x prior to 9.0.10 or 9.1.x prior to 9.1.3. It is, therefore, affected by an information exposure vulnerability where an administrator's password or other sensitive information may be logged in...

4 CVSS | 5 AI score | 0.00732 EPSS
Exploits: 0 | References: 2
CVE
added 2019/09/25 6:10 p.m. | 38 views

CVE-2019-15068

CVE-2019-15068 concerns the Smart Battery A4 portable charger. Connected sources confirm a broken access control flaw affecting firmware versions up to and including r1.7.9, enabling an attacker to obtain or reset the administrator password without authentication. The vulnerability is described a...

10 CVSS | 9.5 AI score | 0.01853 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/10/27 10:0 p.m. | 18 views

CVE-2018-18711

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=editinfo...

8.8 AI score | 0.0065 EPSS
Exploits: 1 | References: 1
Cvelist
added 2018/10/09 8:0 p.m. | 17 views

CVE-2018-18191

Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password...

8.8 AI score | 0.00806 EPSS
Exploits: 1 | References: 1
OSV
added 2018/09/03 7:29 p.m. | 15 views

CVE-2018-16416

Cross-site request forgery (CSRF) vulnerability in myprofile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password...

8.8 CVSS | 7.1 AI score
Exploits: 0 | References: 2
NVD
added 2018/09/03 7:29 p.m. | 12 views

CVE-2018-16416

Cross-site request forgery (CSRF) vulnerability in myprofile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password...

8.8 CVSS | 8.8 AI score | 0.00863 EPSS
Exploits: 1 | References: 2
Prion
added 2018/09/03 7:29 p.m. | 16 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in myprofile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password...

6.8 CVSS | 8.7 AI score | 0.00863 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2018/09/03 7:0 p.m. | 15 views

CVE-2018-16416

Cross-site request forgery (CSRF) vulnerability in myprofile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password...

8.8 AI score | 0.00863 EPSS
Exploits: 1 | References: 2
NVD
added 2018/05/29 7:29 a.m. | 17 views

CVE-2018-11527

An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpasssave...

8.8 CVSS | 8.9 AI score | 0.00614 EPSS
Exploits: 1 | References: 1
NVD
added 2017/08/25 7:29 p.m. | 16 views

CVE-2017-12857

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's...

8.8 CVSS | 8.5 AI score | 0.01623 EPSS
Exploits: 0 | References: 2