43 matches found
CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change
The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...
CVE-2025-13615
CVE-2025-13615 concerns the WordPress StreamTube Core plugin (versions up to 4.78). The issue arises from user-controlled access to objects, allowing unauthenticated attackers to bypass authorization and perform arbitrary password changes on user accounts, potentially taking over administrator ac...
EUVD-2017-15586
Malware in sbrugna...
EUVD-2015-8448
Malware in sbrugna...
EUVD-2024-33578
Malicious code in bioql PyPI...
EUVD-2024-50168
Malicious code in bioql PyPI...
CVE-2025-4606
The CVE-2025-4606 entry concerns the Sala - Startup & SaaS WordPress Theme and its vulnerability to unauthenticated privilege escalation. Affected versions are all up to 1.1.4, where the theme fails to properly validate a user’s identity before updating details such as passwords. This allows an u...
Nokri - Job Board Theme for WordPress < 1.6.3 Arbitrary Password Change
The WordPress DWT - Directory & Listing Theme installed on the remote host is affected by an unauthenticated Arbitrary Password Change. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
CVE-2024-8911
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2024-10215
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2024-9862
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...
Cisco Secure ACS Unauthorized Password Change
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Secure ACS Unauthorized Password Change', 'Description' = %q This module exploits an authentication bypass issue which allows arbitrary...
CVE-2024-22179
The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change...
Electrolink FM/DAB/TV Transmitter Remote Authentication Removal
!/usr/bin/env python Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB...
PT-2022-24882 · WordPress · Directorist
Name of the Vulnerable Software and Affected Versions: Directorist WordPress plugin versions prior to 7.4.2.2 Description: The issue allows an attacker to exploit an IDOR vulnerability, enabling them to change the password of arbitrary users instead of their own. Recommendations: For Directorist...
Updated ldb/samba/sssd packages fix security vulnerability
Fixed AD restrictions bypass associated with changing passwords bsc1201495. CVE-2022-2031 Fixed a memory leak in SMB1 bsc1201496. CVE-2022-32742 Fixed an arbitrary password change request for any AD user bsc1201493. CVE-2022-32744 Fixed a remote server crash with an LDAP add or modify request...
SUSE: Security Advisory (SUSE-SU-2022:2659-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for ldb, (SUSE-SU-2022:2659-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2022:2659-1 Security update for ldb, samba
This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging bsc1201490. - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request bsc1201492. - CVE-2022-2031: Fixed AD restrictions bypass associated wit...
SUSE: Security Advisory (SUSE-SU-2022:2586-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...