79 matches found
SourceCodester Web-based Pharmacy Product Management System 代码注入漏洞
SourceCodester Web-based Pharmacy Product Management System is a SourceCodester open source Web-based pharmacy product management system. A code injection vulnerability exists in version 1.0 of the SourceCodester Web-based Pharmacy Product Management System due to a code injection of the paramete...
Prison Management System 跨站脚本漏洞
Prison Management System is a prison management system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in SourceCodester Prison Management System version 1.0, which stems from /Admin/changepassword.php containing unknown processing, which leads to cross-site...
The vulnerability of the auth_changepassword.php component of the Cacti network monitoring software allows a attacker to perform XSS attacks.
The vulnerability of the authchangepassword.php component of the Cacti network monitoring software is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
DEBIAN-CVE-2022-48547
A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...
UBUNTU-CVE-2022-48547
A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...
Cacti 跨站脚本漏洞
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti 0.8.7g and earlier...
SUSE CVE-2021-26247
As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...
CVE-2023-0641
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password...
PT-2023-16418 · Unknown · Phpgurukul Employee Leaves Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Employee Leaves Management System version 1.0 Description: A vulnerability was found in the PHPGurukul Employee Leaves Management System, affecting an unknown functionality of the file changepassword.php. The manipulation of the...
Lead Management System SQL注入漏洞
Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the userid parameter of changePassword.php. An attacker could use this...
nopCommerce 输入验证错误漏洞
nopCommerce is an open source general purpose e-commerce platform. A security vulnerability exists in nopCommerce versions 4.10 to 4.50.1, which is caused by an open redirection in the ChangePassword function, SignInCustomerAsync function, SuccessAuthentication method, and NopRedirectResultExecut...
DEBIAN-CVE-2021-26247
As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...
CVE-2021-44554
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...
CVE-2021-44554
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...
Cybele Software Thinfinity VirtualUI 代码问题漏洞
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. A code issue vulnerability exists in Thinfinity VirtualUI because the product...
CVE-2021-44848
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...
Authentication flaw
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...
CVE-2021-44848
Thinfinity VirtualUI (before 3.0) has a user-enumeration flaw in /changePassword: responses differ based on whether the username exists, enabling an attacker to determine valid usernames (e.g., Administrator, Guest). This credential disclosure stems from the authentication response behavior and i...
BSA Radar 1.6.7234.24750 Cross Site Request Forgery
Exploit title: BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery Change Password Exploit Author: William Summerhill Date: 2020-06-22 Vendor Homepage:bhttps://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE: CVE-2020-14944 Description: The Global RADAR BSA Radar...
BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password) Vulnerability
Exploit for hardware platform in category web applications Exploit title: BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery Change Password Exploit Author: William Summerhill Vendor Homepage:bhttps://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE: CVE-2020-1494...