17 matches found
EUVD-2011-4510
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-1000528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form...
PT-2024-40391 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue arises after a password reset, where the ChangePasswordForm::doChangePassword function logs in the user without checking Member::canLogIn. This...
Cross-site request forgery attack on change password form
Summary Change password doesn't validate CSRF token properly. Impact An attacker can force the victim to change password without knowing. To successfully complete this attack the victim needs to be logged to the Guardian/CMC and visit a special prepared page containing the forged change password...
Session fixation in change password form
SilverStripe through 4.3.3 allows session fixation in the "change password" form...
CVE-2019-15085
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form...
CVE-2019-15085
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form...
Default credentials
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form...
CVE-2019-15085
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form...
Open Microscopy Environment OMERO.web Information Disclosure Vulnerability
Open Microscopy Environment OMERO.web is a set of open source image management platform for Web applications. The platform supports a variety of image file formats , and image management , viewing and editing operations . An information disclosure vulnerability exists in the login form and change...
DEBIAN-CVE-2018-1000528
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...
CVE-2018-1000528
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...
UBUNTU-CVE-2018-1000528
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...
CVE-2018-1000528
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...
CVE-2018-1000528
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open ...
CVE-2011-4585
login/changepassword.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network...
PT-2012-1917 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.14 Description: The issue concerns the change-password form in the login/change password.php file. It does not utilize https for encryption, even when the httpslogin option is enabled. This oversight allows...