12 matches found
Rainbond has a logic flaw vulnerability (CNVD-2023-29097)
Rainbond is a cloud-native application management platform. Rainbond suffers from a logic flaw vulnerability that can be exploited by an attacker to reset arbitrary user passwords...
CVE-2020-28865
An issue was discovered in PowerJob through 3.2.2 that allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save...
Design/Logic Flaw
An issue was discovered in PowerJob through 3.2.2 that allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save...
CVE-2014-8357
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...
CVE-2014-8357
CVE-2014-8357 affects Zhone zNID GPON 2426A prior to S3.0.501. The web admin backupsettings.html exposes a sessionKey in the URL, enabling a remote attacker to retrieve all user passwords from backupsettings.conf via a getConfig action. This is supported by multiple connected sources noting an in...
CVE-2014-8357
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. Recent assessments: Assessed...
CVE-2016-9479
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request...
CVE-2016-7107
Huawei Unified Maintenance Audit UMA before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors...
Code injection
Huawei Unified Maintenance Audit UMA before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors...
CVE-2016-0783
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or...
MetaBBS 0.11 - Administration Settings Authentication Bypass
Source: https://www.securityfocus.com/bid/33626/info
MetaBBS is prone to a vulnerability that lets attackers modify arbitrary user passwords because it fails to adequately secure access to administrative functionality. Exploiting this...