15 matches found
CVE-2019-25708
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...
EUVD-2023-40112
Malicious code in bioql PyPI...
EUVD-2022-44664
Malicious code in bioql PyPI...
CVE-2023-36133
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change...
HMS EWON FLEXY 202 Security Vulnerability
HMS EWON FLEXY 202 is a multi-purpose IIoT data gateway from HMS Sweden. Allows machine builders and users to monitor and collect important KPIs for analysis and predictive maintenance. A security vulnerability exists in the HMS EWON FLEXY 202 that stems from transmitting user credentials in...
Rescan of Cloud Native Machines in Azure Fails After Credentials Change
Challenge: After the Azure Storage account is changed, rescan of Cloud Native Agents (e.g., Veeam Agent for Microsoft Windows, Veeam Agent for Linux) fails with the error: Warning Failed to connect to Details: Azure REST API error. HTTP code: 403. Azure error: AuthenticationFailed. Full error:...
CVE-2023-23078
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets...
CVE-2022-2105
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...
TRENDnet TEW-831DR Cross-Site Request Forgery Vulnerability
The TRENDnet TEW-831DR is a router from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEW-831DR version 1.0 601.130.1.1356, which originates from the web interface's username and password settings that do not require the entry of an existing password. A malicious user can change...
PT-2021-21818 · Icinga +1
Name of the Vulnerable Software and Affected Versions: Icinga versions 2.5.0 through 2.13.0 Description: Icinga is a monitoring system that checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The issue arises in the...
CVE-2021-27734
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users...
CVE-2018-19318
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account...
NuCom NC-WR644GACV Unauthenticated Configuration File Download Vulnerability
NuCom NC-WR644GACV with software versions STA 005 and below suffers from a configuration file download vulnerability that allows for extraction of the administrative credentials. Overview: Researchers of NVEL4 Cybersecurity company have discovered that it is possible to access to the confi...
SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change
#!/bin/bash SIEMENS IP Camera CCMW1025 x.2.2.1798 remote change admin user/password Copyright 2016 (c) Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY. Do not use it without permission. The usu...
ZeusCart 4.0 - Cross-Site Request Forgery
ZeusCart 4.0: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendo...