Lucene search
K

4 matches found

CVE
CVE
added 2014/10/06 11:0 p.m.36 views

CVE-2014-6607

CVE-2014-6607 affects M/Monit 3.3.2 and earlier. The issue is a CSRF vulnerability where an attacker can change any user’s password via the fullname and password parameters to /admin/users/update because the application does not verify the original password before changing it. Impact is remote co...

7.5CVSS7AI score0.06647EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2014/10/06 11:0 p.m.17 views

CVE-2014-6607

M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409...

6.8AI score0.06647EPSS
Exploits3References3
0day.today
0day.today
added 2014/09/20 12:0 a.m.29 views

M/Monit 3.2.2 Cross Site Request Forgery Vulnerability

M/Monit versions 3.2.2 and below suffer from multiple cross site request forgery vulnerabilities. Application: M/Monit 3.2.2 Author: Dolev Farhi @dolevff Date: 13.9.2014 Relevant CVEs: CVE-2014-6409, CVE-2014-6607 Vulnerable version: CSRF poc M/monit 3. Mitigation Software vendor confirmed the...

7.5CVSS6.6AI score0.06647EPSS
Exploits4
Packet Storm
Packet Storm
added 2014/09/19 12:0 a.m.31 views

M/Monit 3.2.2 Cross Site Request Forgery

Application: M/Monit 3.2.2 Author: Dolev Farhi @dolevff Date: 13.9.2014 Relevant CVEs: CVE-2014-6409, CVE-2014-6607 Vulnerable version: CSRF poc M/monit 3. Mitigation Software vendor confirmed the issue, and a fix might be released in the future. 4. Time line: 15.9 - Found vulnerabilities 15.9 -...

7.5CVSS0.5AI score0.06647EPSS
Exploits4
Rows per page
Query Builder