CVE-2026-33133 WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive
WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...
EUVD-2006-5771
Malware in sbrugna...
EUVD-2012-5091
Malware in sbrugna...
CVE-2022-37435
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...
CVE-2023-25760
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users' passwords via a crafted request payload...
CVE-2021-31677
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords...
Intelligent Baseboard Management Controller elevation of privilege vulnerability in multiple Huawei products
Huawei 1288H V5 and others are different models of server equipment from Huawei, China. Intelligent Baseboard Management Controller (iBMC) is an embedded server intelligent management system. A privilege escalation vulnerability exists in iBMC in several Huawei products. A remote attacker could...
CVE-2018-8898
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 A1WI20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT77616E6771696F6E67" allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an...
Cross site request forgery (csrf)
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability...
Design/Logic Flaw
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...
Code injection
Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors...
Code injection
Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors...
CVE-2012-5168
ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/indexinlineeditorsubmit.php or (2) coursecategory/indexinlineeditorsubmit.php...
Design/Logic Flaw
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors...
Server side request forgery (ssrf)
CuteFlow 2.10.3 and 2.11.0c do not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request...
CVE-2008-6523
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users...
Code injection
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...
CVE-2006-1620
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...