15 matches found
EUVD-2007-5554
Malware in sbrugna...
EUVD-2025-17432
Malicious code in bioql PyPI...
CVE-2025-5864 Tenda TDSEE App Password Reset Confirmation Code ConfirmSmsCode excessive authentication
A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of...
CVE-2023-33468
KramerAV VIA Connect 2 and VIA Go 2 devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical scree...
CVE-2023-33468
KramerAV VIA Connect 2 and VIA Go 2 devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical scree...
CVE-2023-33468
KramerAV VIA Connect 2 and VIA Go 2 devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical scree...
PT-2023-24349 · Kramerav · Kramerav Via Connect +1
Name of the Vulnerable Software and Affected Versions: KramerAV VIA Connect 2 and VIA Go 2 versions prior to 4.0.1.1326 Description: The issue allows for remote manipulation of the device by extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the...
CVE-2023-33468
KramerAV VIA Connect 2 and VIA Go 2 devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical scree...
CVE-2019-8113
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration...
QIWI: Ability to register on qiwi.com with any phone number
Summary When registering on qiwi.com, the same confirmation code is sent by SMS every time. Impact Ability to register as any new user by brute-forcing the code from the SMS...
madpaws.com.au XSS vulnerability
Open Bug Bounty ID: OBB-570436 | Affected Website: madpaws.com.au | Vulnerable Application: Custom Code | Vulnerability Type: XSS Cross Site Scripting / CWE-79 | CVSSv3 Score: 6.1...
CVE-2007-5579
login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter...
CVE-2007-5579
Pligg CMS 9.5 is affected by CVE-2007-5579 through login.php, where a guessable confirmation code enables password reset by an attacker knowing a username. The root cause is a predictable confirmationcode parameter used during forgotten-password flow, allowing an unauthorized password reset with ...
pligg-password.txt
Pligg critical vulnerability Concerned version : 9.5 and ? Description : Pligg is a flexible CMS based on PHP and MYSQL. To reinitialize a forgotten password, Pligg follows a classical process. A confirmation code is generated and sent by email to the concerned user mail box. The user has to foll...
Pligg critical vulnerability
Pligg critical vulnerability Concerned version : 9.5 and ? Description : Pligg is a flexible CMS based on PHP and MYSQL. To reinitialize a forgotten password, Pligg follows a classical process. A confirmation code is generated and sent by email to the concerned user mail box. The user has to foll...