10 matches found
CVE-2024-11068 D-Link DSL6740C - Incorrect Use of Privileged APIs
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account...
CVE-2023-46534
TP-LINK TL-WR886N V7.03.0.14Build221115Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister...
TP-LINK WR886N Buffer Error Vulnerability
The TP-LINK WR886N is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK TL-WR886N V7.03.0.14Build221115Rel.56908n.bin version, which originates from a buffer overflow vulnerability in the modifyAccPwdRegister method...
GHSA-V25C-8349-V2Q3 Incorrect Authorization in thinkcmf
thinkcmf v5.1.7 has an incorrect authorization vulnerability. An attacker with background user management group permissions can modify the password of the administrator account with id 1. Exploitation requires the background user management group permission...
xiaohuanxiong CMS cross-site request forgery vulnerability
xiaohuanxiong CMS is a comic book CMS. xiaohuanxiong CMS version 5.0.17 is vulnerable to cross-site request forgery, which stems from the web application not sufficiently validating that a request comes from a trusted user. An attacker could use this vulnerability to modify the password of t...
CVE-2021-22773
A CWE-620: Unverified Password Change vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker...
Xi'an Baolian Network Technology Co., Ltd. construction system has logical flaws and vulnerabilities
Xi'an BaiLian Network Technology Co., Ltd. is the first technology company specializing in bearing industry management software development and bearing industry portal design. There is a logic flaw vulnerability in the construction system of Xi'an Bailian Network Technology Co. Attackers take...
CVE-2018-7904
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the administrator's password. Due to insufficient verification of the input, this could be exploited to obtain the management...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft build 3.0.0-25.4.swsoft allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd...
CVE-1999-0902
ypserv allows local administrators to modify password tables...