46 matches found
CVE-2024-38287
The CVE-2024-38287 issue affects R-HUB TurboMeeting versions through 8.x, where the Forgot Password password-reset flow can be abused by unauthenticated remote attackers to reset the administrator password to an insecure 8-digit value. Root cause: insecure password-reset mechanism in the Forgot P...
CVE-2024-38287
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...
ZKTeco BioTime Password Reset Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from ZKTeco, China. A password reset vulnerability exists in ZKTeco BioTime, which can be exploited by an attacker to arbitrarily reset the administrator's password via a crafted web request...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password...
CVE-2022-30898
A cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password...
Unauthenticated SQL Injection in Cachet
Impact: In Cachet versions through 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. Patches: The original reposito...
CVE-2021-39165
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...
SQL injection
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...
Palo Alto Networks PAN-OS 8.0.x / 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.3 Information Exposure
The version of Palo Alto Networks PAN-OS running on the remote host is 8.0.x, 8.1.x prior to 8.1.16, 9.0.x prior to 9.0.10 or 9.1.x prior to 9.1.3. It is, therefore, affected by an information exposure vulnerability where an administrator's password or other sensitive information may be logged in...
CVE-2019-15068
CVE-2019-15068 concerns the Smart Battery A4 portable charger. Connected sources confirm a broken access control flaw affecting firmware versions up to and including r1.7.9, enabling an attacker to obtain or reset the administrator password without authentication. The vulnerability is described a...
CVE-2018-18711
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=editinfo...
CVE-2018-18191
Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password...
CVE-2018-16416
Cross-site request forgery (CSRF) vulnerability in myprofile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in myprofile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password...
CVE-2018-11527
An issue was discovered in CScms v4.1. A cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpasssave...
CVE-2017-12857
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's...