Lucene search
+L

217 matches found

OSV
OSV
added 2023/04/20 9:15 p.m.3 views

CVE-2021-36436

An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...

5.3CVSS5.8AI score0.00523EPSS
Exploits1References1
NVD
NVD
added 2023/04/20 9:15 p.m.11 views

CVE-2021-36436

An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...

5.3CVSS5.1AI score0.00523EPSS
Exploits1References1
Prion
Prion
added 2023/04/20 9:15 p.m.14 views

Session fixation

An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...

5CVSS5.1AI score0.00523EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/04/20 12:0 a.m.13 views

CVE-2021-36436

An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...

5.4AI score0.00523EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/04/20 12:0 a.m.7 views

CVE-2021-36436

An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...

5.1AI score0.00523EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/20 12:0 a.m.6 views

PT-2023-12274 · Unknown · Mobicint Backend For Credit Unions

Name of the Vulnerable Software and Affected Versions: Mobicint Backend for Credit Unions version 3 Description: An issue in the software allows attackers to retrieve partial email addresses and user-entered information via submission to the "forgotten-password endpoint". Recommendations: For...

5.3CVSS4.9AI score0.00523EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/04/20 12:0 a.m.5 views

Mobicint 授权问题漏洞

Mobicint is Mobicint's mobile and desktop service for financial institutions. A security vulnerability exists in Mobicint version v3, which stems from the ability to retrieve partial e-mail addresses and user-entered information via the forgotten-password API...

5.3CVSS5.7AI score0.00523EPSS
Exploits1References2
OSV
OSV
added 2023/04/05 3:15 p.m.4 views

UBUNTU-CVE-2023-28632

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user c...

8.1CVSS5.8AI score0.00677EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.6 views

PT-2023-3260 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.83 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to incorrect privilege management in GLPI, allowing an authenticated user to modify emails of any other user, including the administrator'...

10CVSS6.1AI score0.99628EPSS
Exploits40References207
Microsoft Secure
Microsoft Secure
added 2023/03/22 4:0 p.m.48 views

Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...

6.5AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/03/22 4:0 p.m.53 views

Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...

6.5AI score
Exploits0
NVD
NVD
added 2023/01/12 11:15 p.m.22 views

CVE-2022-25027

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...

7.5CVSS7.8AI score0.01057EPSS
Exploits0References1
OSV
OSV
added 2023/01/12 11:15 p.m.4 views

CVE-2022-25027

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...

7.5CVSS5.8AI score0.24353EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.5 views

PT-2023-12776 · Rocket · Rocket Trufusion Portal

Name of the Vulnerable Software and Affected Versions: Rocket TRUfusion Portal version 7.9.2.1 Description: The issue concerns the Forgotten Password functionality, which allows remote attackers to bypass authentication. This is achieved by validating the user's session token when the "Password...

7.5CVSS7AI score0.24353EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/01/12 12:0 a.m.31 views

CVE-2022-25027

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...

8AI score0.01057EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.44 views

XWiki Platform 安全漏洞

XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. The XWiki Platform suffers from an information disclosure vulnerability that originates from the fact that when using XWiki's "Reset forgotten password" feature, passwords are stored in...

6.5CVSS5.9AI score0.0045EPSS
Exploits0References6
OSV
OSV
added 2022/11/23 12:0 a.m.41 views

CVE-2022-41933 Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...

6.2CVSS6.6AI score0.0045EPSS
Exploits0References7
NVD
NVD
added 2022/10/07 11:15 a.m.11 views

CVE-2022-3422

Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgotpasswordtoken the hacker can send the request and changed the pass...

9.8CVSS0.00802EPSS
Exploits1References2
Prion
Prion
added 2022/10/07 11:15 a.m.14 views

Design/Logic Flaw

Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgotpasswordtoken the hacker can send the request and changed the pass...

5CVSS7.5AI score0.00802EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/07 12:0 a.m.8 views

PT-2022-22085 · Git +1 · Tooljet +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows for account takeover. When an attacker gains access to certain information, they can see the hashed password, which can potentially be...

9.8CVSS8.5AI score0.00802EPSS
Exploits1References5
Rows per page
Query Builder