4 matches found
CVE-2019-15749
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account e.g., via XSS or an unattended workstation to change that password and...
CVE-2018-10641
D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext...
Arbitrary User Password Reset Vulnerability in Kingsoft Wordsmith Android App
Kingsoft Wordsmith is a free translation and learning software from Kingsoft. Kingsoft wordmaster android app there is any user password reset vulnerability, the vulnerability arises from the change of password did not increase the verification of the old password due to the attacker can take...
CVE-2007-6661
2z project 0.9.6.1 allows attackers to change the password without supplying the old password...