
27 matches found

NVD
added 2026/05/10 1:16 p.m. · 7 views

CVE-2021-47946

OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...

CVSS 6.9 · EPSS 0.00038
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-5596

Malware in sbrugna...

CVSS 5.4 · AI score 5.5 · EPSS 0.00333
Exploits 0 · References 2
Vulnrichment
added 2025/09/15 12:00 a.m. · 2 views

CVE-2025-56710

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, ...

AI score 6.1 · EPSS 0.0002
Exploits 1 · References 1
Vulnrichment
added 2024/06/12 12:00 a.m. · 10 views

CVE-2024-36691

Insecure permissions in the AdminController.AjaxSave method of PPGoJobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information...

AI score 6.7 · EPSS 0.0006
Exploits 0 · References 1
OSV
added 2024/03/01 6:30 p.m. · 10 views

GHSA-H595-VWHC-3XWX Apache Archiva Incorrect Authorization vulnerability

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do...

CVSS 8.7 · AI score 7.5 · EPSS 0.00562
Exploits 0 · References 4
Prion
added 2024/03/01 4:15 p.m. · 10 views

Authorization

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do...

AI score 7.4 · EPSS 0.00562
Exploits 0 · References 1
Positive Technologies
added 2023/10/23 12:00 a.m. · 1 view

PT-2023-6594 · Tp Link · Tp-Link Tl-Wr886N

Name of the Vulnerable Software and Affected Versions: TP-LINK TL-WR886N version 7.0 3.0.14 Build 221115 Rel.56908n.bin
Description: The issue is related to a stack overflow in the modifyAccPwdRegister function, which can be exploited by a remote attacker to impact the integrity, availability, an...

CVSS 9.8 · AI score 7.6 · EPSS 0.00282
Exploits 1 · References 8
NVD
added 2022/08/18 8:15 p.m. · 14 views

CVE-2022-2568

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges...

CVSS 6.5 · EPSS 0.0021
Exploits 1 · References 1
UbuntuCve
added 2022/08/18 8:15 p.m. · 36 views

CVE-2022-2568

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges...

CVSS 6.5 · AI score 6.7 · EPSS 0.0021
Exploits 1 · References 2
RedhatCVE
added 2022/08/15 7:37 p.m. · 48 views

CVE-2022-2568

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges...

CVSS 7.2 · AI score 4.6 · EPSS 0.0021
Exploits 1 · References 3
OSV
added 2022/03/10 5:44 p.m. · 0 views

CVE-2021-44630

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloudconfig/routerpost/modifyaccountpwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request...

CVSS 9.8 · AI score 7.6 · EPSS 0.00982
Exploits 1 · References 1
CNNVD
added 2022/03/10 12:00 a.m. · 1 view

TP-Link WR886N security vulnerability

TP-Link TL-WR886N is a wireless router from China Pulink. A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 2.3.8, which originates from the /cloudconfig/routerpost/modifyaccountpwd function on memory execution. An authenticated attacker could use this vulnerability to execute...

CVSS 10 · AI score 6.8 · EPSS 0.00982
Exploits 1 · References 2
CNVD
added 2019/07/31 12:00 a.m. · 1 view

cPanel cross-site scripting vulnerability (CNVD-2019-26366)

cPanel is one of the most prestigious commercial software packages in the web hosting industry. It runs on Linux and BSD systems, is developed in PHP, and is closed-source, providing powerful and fairly complete hosting management functions. A stored cross-site scripting vulnerability...

CVSS 5.4 · AI score 6.1 · EPSS 0.00333
Exploits 0 · References 1
NVD
added 2019/07/30 1:15 p.m. · 9 views

CVE-2019-14390

cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512)...

CVSS 5.4 · AI score 5.3 · EPSS 0.00333
Exploits 0 · References 1
OSV
added 2019/07/30 1:15 p.m. · 0 views

CVE-2019-14390

cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512)...

CVSS 5.4 · AI score 6
Exploits 0 · References 1
Prion
added 2019/07/30 1:15 p.m. · 7 views

Cross site scripting

cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512)...

CVSS 3.5 · AI score 5.2 · EPSS 0.00333
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2019/07/30 12:47 p.m. · 9 views

CVE-2019-14390

cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512)...

AI score 5.3 · EPSS 0.00333
Exploits 0 · References 1
Metasploit
added 2018/02/20 9:29 p.m. · 64 views

Windows Manage RID Hijacking

This module will create an entry on the target by modifying some properties of an existing account. It will change the account attributes by setting a Relative Identifier (RID), which should be owned by one existing account on the destination machine. Taking advantage of some Windows Local Users...

AI score 7
Exploits 0
Prion
added 2017/11/24 7:29 a.m. · 11 views

Cross site request forgery (csrf)

Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account detail...

CVSS 5 · AI score 9.6 · EPSS 0.07136
Exploits 3 · References 2 · Affected Software 1
NVD
added 2017/07/17 1:18 p.m. · 6 views

CVE-2017-1000008

Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password...

CVSS 8.8 · AI score 8.7 · EPSS 0.00071
Exploits 0 · References 1