Lucene search
K

4 matches found

Prion
Prion
added 2014/10/06 11:55 p.m.9 views

Design/Logic Flaw

M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409...

7.5CVSS7.3AI score0.06647EPSS
Exploits4References3Affected Software1
CVE
CVE
added 2014/10/06 11:0 p.m.40 views

CVE-2014-6409

CVE-2014-6409 is a CSRF vulnerability in M/Monit 3.3.2 and earlier. The issue allows an attacker to hijack administrator sessions and trigger password changes by submitting requests to /admin/users/update with fullname and password parameters. The root cause is lack of sufficient CSRF protection ...

6.8CVSS7.3AI score0.02268EPSS
Exploits3References4Affected Software1
0day.today
0day.today
added 2014/09/20 12:0 a.m.29 views

M/Monit 3.2.2 Cross Site Request Forgery Vulnerability

M/Monit versions 3.2.2 and below suffer from multiple cross site request forgery vulnerabilities. Application: M/Monit 3.2.2 Author: Dolev Farhi @dolevff Date: 13.9.2014 Relevant CVEs: CVE-2014-6409, CVE-2014-6607 Vulnerable version: CSRF poc M/monit 3. Mitigation Software vendor confirmed the...

7.5CVSS6.6AI score0.06647EPSS
Exploits4
Packet Storm
Packet Storm
added 2014/09/19 12:0 a.m.31 views

M/Monit 3.2.2 Cross Site Request Forgery

Application: M/Monit 3.2.2 Author: Dolev Farhi @dolevff Date: 13.9.2014 Relevant CVEs: CVE-2014-6409, CVE-2014-6607 Vulnerable version: CSRF poc M/monit 3. Mitigation Software vendor confirmed the issue, and a fix might be released in the future. 4. Time line: 15.9 - Found vulnerabilities 15.9 -...

7.5CVSS0.5AI score0.06647EPSS
Exploits4
Rows per page
Query Builder