200 matches found
EUVD-2026-4681
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an...
CVE-2009-4821
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the adminpassword parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS...
Use of Default Credentials
Overview: Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround: This vulnerability can be mitigated by loggin...
CVE-2022-43110
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password,...
CVE-2022-43110
CVE-2022-43110 affects Voltronic Power ViewPower up to 1.04-21353 and PowerShield Netguard up to 1.04-23292. An unauthenticated remote attacker can configure the system via an unspecified web interface, including changing the web admin password, viewing/changing system configuration, enumerating ...
D-Link DNS-320 Security Vulnerability
D-Link DNS-320 is a NAS (Network Attached Storage) device from China AUO D-Link. A security vulnerability exists in D-Link DNS-320 version v1.00 and DNS-320LW version v1.01.0914.20212, which stems from a flaw in the accountmgr.cgi - cgichgadminpw component that could lead to the execution of...
Sielco Analog FM Transmitter 2.12 Improper Access Control Change Admin Password
Summary Sielco designs and produces FM radio transmitters for professional broadcasting. The in-house laboratory develops standard and customised solutions to meet all needs. Whether digital or analogue, each product is studied to ensure reliability, resistance over time and a high standard of...
CVE-2020-23836
A Cross-Site Request Forgery (CSRF) vulnerability in edituser.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site...
CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery Change Admin Password Date: 2020-05-31 Exploit Author: Noth Vendor Homepage: https://github.com/boiteasite/cmsuno Software Link: https://github.com/boiteasite/cmsuno Version: v1.6 CVE : 2020-15600 An issue was discovered in CMSUno before 1.6....
CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password) Vulnerability
Exploit for php platform in category web applications Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery Change Admin Password Exploit Author: Noth Vendor Homepage: https://github.com/boiteasite/cmsuno Software Link: https://github.com/boiteasite/cmsuno Version: v1.6 CVE : 2020-15600 An issue...
Exploit for Incorrect Default Permissions in Sonatype Nexus
CVE-2020-11444 Nexus 3 unauthorized-access vulnerability exploit script. For more script files, see: https://github.com/...
NukeViet VMS 4.4.00 Cross Site Request Forgery
Exploit Title: NukeViet VMS 4.4.00 - Cross-Site Request Forgery Change Admin Password Date: 2020-05-18 Exploit Author: JEBARAJ Vendor Homepage: https://nukeviet.vn/ Software Link: https://github.com/nukeviet/nukeviet/releases/download/4.4.00/nukeviet4.4.00setup.zip Version: 4.4.00 Tested on:...
P5 FNIP-8x16A/FNIP-4xSH CSRF / Cross Site Scripting
CVE-2018-21037
Subrion CMS 4.1.5 and possibly earlier versions allow CSRF to change the administrator password via the panel/members/edit/1 URI...
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Author: Sarthak Saini Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 CVE:CVE-2020-7991 Category: Webapps Tested on:...
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password) Vulnerability
Exploit for php platform in category web applications Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Author: Sarthak Saini Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8...
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Author: Sarthak Saini Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link:...
eMerge E3 1.00-06 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - Cross-Site Request Forgery Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06...
Nortek Linear eMerge E3 Access Control Cross Site Request Forgery
Nortek Linear eMerge E3 Access Control Cross-Site Request Forgery CVE: CVE-2019-7262 Advisory: https://applied-risk.com/resources/ar-2019-005 Discovered by Gjoko 'LiquidWorm' Krstic input type="hidden" name="DefaultFloorNo" valu...