4 matches found
CVE-2014-6607
CVE-2014-6607 affects M/Monit 3.3.2 and earlier. The issue is a CSRF vulnerability where an attacker can change any user’s password via the fullname and password parameters to /admin/users/update because the application does not verify the original password before changing it. Impact is remote co...
CVE-2014-6607
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409...
M/Monit 3.2.2 Cross Site Request Forgery Vulnerability
M/Monit versions 3.2.2 and below suffer from multiple cross site request forgery vulnerabilities. Application: M/Monit 3.2.2 Author: Dolev Farhi @dolevff Date: 13.9.2014 Relevant CVEs: CVE-2014-6409, CVE-2014-6607 Vulnerable version: CSRF poc M/monit 3. Mitigation Software vendor confirmed the...
M/Monit 3.2.2 Cross Site Request Forgery
Application: M/Monit 3.2.2 Author: Dolev Farhi @dolevff Date: 13.9.2014 Relevant CVEs: CVE-2014-6409, CVE-2014-6607 Vulnerable version: CSRF poc M/monit 3. Mitigation Software vendor confirmed the issue, and a fix might be released in the future. 4. Time line: 15.9 - Found vulnerabilities 15.9 -...