12 matches found

CNVD
added 2023/03/01 12:0 a.m., 17 views

Rainbond has a logic flaw vulnerability (CNVD-2023-29097)

Rainbond is a cloud-native application management platform. Rainbond suffers from a logic flaw vulnerability that can be exploited by an attacker to reset arbitrary user passwords...

6.8 AI score
Exploits 0
OSV
added 2022/06/16 9:15 p.m., 16 views

CVE-2020-28865

An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save...

7.5 CVSS, 7.5 AI score
Exploits 0, References 1
Prion
added 2022/06/16 9:15 p.m., 13 views

Design/Logic Flaw

An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save...

5 CVSS, 7.5 AI score, 0.0073 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2017/10/17 4:0 p.m., 21 views

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

8.7 AI score, 0.05441 EPSS
Exploits 4, References 4
CVE
added 2017/10/17 4:0 p.m., 174 views

CVE-2014-8357

CVE-2014-8357 affects Zhone zNID GPON 2426A prior to S3.0.501. The web admin backupsettings.html exposes a sessionKey in the URL, enabling a remote attacker to retrieve all user passwords from backupsettings.conf via a getConfig action. This is supported by multiple connected sources noting an in...

8.8 CVSS, 8.5 AI score, 0.05441 EPSS
In wild, Exploits 4, References 4, Affected Software 1
ATTACKERKB
added 2017/10/17 12:0 a.m., 62 views

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. Recent assessments: Assessed...

8.8 CVSS, 8.3 AI score, 0.05441 EPSS
In wild, Exploits 4, References 5
Cvelist
added 2016/12/02 4:0 p.m., 20 views

CVE-2016-9479

The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request...

7.5 AI score, 0.01838 EPSS
Exploits 0, References 4
NVD
added 2016/09/07 7:28 p.m., 18 views

CVE-2016-7107

Huawei Unified Maintenance Audit UMA before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors...

7.5 CVSS, 7.5 AI score, 0.01205 EPSS
Exploits 0, References 2
Prion
added 2016/09/07 7:28 p.m., 15 views

Code injection

Huawei Unified Maintenance Audit UMA before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors...

4 CVSS, 6.7 AI score, 0.01129 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2016/04/11 2:0 p.m., 21 views

CVE-2016-0783

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time...

7.6 AI score, 0.07104 EPSS
Exploits 0, References 5
Prion
added 2013/01/24 1:55 a.m., 12 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or...

6.8 CVSS, 7.7 AI score, 0.01086 EPSS
Exploits 1, References 3, Affected Software 1
exploitpack
added 2009/02/04 12:0 a.m., 10 views

MetaBBS 0.11 - Administration Settings Authentication Bypass

MetaBBS 0.11 - Administration Settings Authentication Bypass source: https://www.securityfocus.com/bid/33626/info MetaBBS is prone to a vulnerability that lets attackers modify arbitrary user passwords because it fails to adequately secure access to administrative functionality. Exploiting this...

0.4 AI score
Exploits 0