217 matches found
CVE-2021-36436
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...
CVE-2021-36436
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...
Session fixation
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...
CVE-2021-36436
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...
CVE-2021-36436
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...
PT-2023-12274 · Unknown · Mobicint Backend For Credit Unions
Name of the Vulnerable Software and Affected Versions: Mobicint Backend for Credit Unions version 3 Description: An issue in the software allows attackers to retrieve partial email addresses and user-entered information via submission to the "forgotten-password endpoint". Recommendations: For...
Mobicint 授权问题漏洞
Mobicint is Mobicint's mobile and desktop service for financial institutions. A security vulnerability exists in Mobicint version v3, which stems from the ability to retrieve partial e-mail addresses and user-entered information via the forgotten-password API...
UBUNTU-CVE-2023-28632
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user c...
PT-2023-3260 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.83 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to incorrect privilege management in GLPI, allowing an authenticated user to modify emails of any other user, including the administrator'...
Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023
Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...
Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023
Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...
PT-2023-12776 · Rocket · Rocket Trufusion Portal
Name of the Vulnerable Software and Affected Versions: Rocket TRUfusion Portal version 7.9.2.1 Description: The issue concerns the Forgotten Password functionality, which allows remote attackers to bypass authentication. This is achieved by validating the user's session token when the "Password...
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...
XWiki Platform 安全漏洞
XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. The XWiki Platform suffers from an information disclosure vulnerability that originates from the fact that when using XWiki's "Reset forgotten password" feature, passwords are stored in...
CVE-2022-41933 Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...
CVE-2022-3422
Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgotpasswordtoken the hacker can send the request and changed the pass...
Design/Logic Flaw
Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgotpasswordtoken the hacker can send the request and changed the pass...
PT-2022-22085 · Git +1 · Tooljet +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows for account takeover. When an attacker gains access to certain information, they can see the hashed password, which can potentially be...