6 matches found
CVE-2021-47953 OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password
OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and...
EUVD-2015-2791
Malware in sbrugna...
CVE-2022-43326
An Insecure Direct Object Reference IDOR vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4. allows attackers to arbitrarily change user and Administrator account passwords...
CVE-2021-25323
The default setting of MISP 2.4.136 did not enable the requirements aka requirepasswordconfirmation to provide the previous password when changing a password...
CVE-2019-1010094
domainmod v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector...
GuangWei GuangWei Honda APPv2.1 has information leakage vulnerability
GuangWei GAC Honda APP is an APP that provides car owners with remote control of their cars, one-click car inspection, GPS positioning, violation information query, fuel consumption analysis, convenient merchant interaction, quick query of car information and other functions. A vulnerability exis...