Lucene search
K

7 matches found

OSV
OSV
added 2026/05/20 3:45 p.m.5 views

GHSA-9QV9-8XV6-5P35 phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation

Summary The password reset API can be triggered without authentication and without any out-of-band confirmation step. If an attacker knows a valid username + email pair, they can call the reset endpoint directly. The application immediately generates a new password, writes it to the account, and...

8.2CVSS5.8AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2022/05/13 1:12 a.m.17 views

GHSA-5659-G9P4-354F Moodle allows attackers to bypass a forced-password-change requirement

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token...

4CVSS5.8AI score0.01712EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.22 views

Moodle allows attackers to bypass a forced-password-change requirement

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token...

4CVSS6.3AI score0.01712EPSS
Exploits0References9Affected Software1
OpenVAS
OpenVAS
added 2017/04/12 12:0 a.m.32 views

Unitrends < 9.1.2 Multiple Vulnerabilities

Unitrends is prone to multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10CVSS7.1AI score0.06179EPSS
Exploits5References1
NVD
NVD
added 2015/06/01 7:59 p.m.14 views

CVE-2015-2272

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token...

4CVSS6AI score0.01712EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2015/06/01 7:59 p.m.24 views

CVE-2015-2272

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token...

4CVSS5.9AI score0.01712EPSS
Exploits0References3
Drupal
Drupal
added 2014/07/16 12:0 a.m.15 views

SA-CONTRIB-2014-070 - Password Policy - Access Bypass

The Password Policy module enables you to define and enforce password policies with various constraints on allowable user passwords. Access Bypass 7.x only Password Policy has a Password Change Tab submodule which provides a tab for a user to change their password. Password Policy also has a...

7.1AI score
Exploits0References13
Rows per page
Query Builder