10 matches found
EUVD-2010-2129
Malware in sbrugna...
CVE-2024-28275
Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.163090516 was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests...
PT-2024-22374 · Puwell Cloud Tech Co · 360Eyes Pro
Name of the Vulnerable Software and Affected Versions: Puwell Cloud Tech Co, Ltd 360Eyes Pro version 3.9.5.16 Description: The issue allows attackers to intercept and access sensitive information because it transmits this data in cleartext. This includes users' credentials and password change...
Host Header Injection
pimcore/admin-ui-classic-bundle is vulnerable to Host Header Injection. The vulnerability is due to missing Host header validation. An attacker can a send password change requests to a user, specifying a "Host" header of a website they control, resulting in them receiving the password token,...
CVE-2023-46380
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions send password-change requests via cleartext HTTP...
MS16-137: Security update for Windows authentication methods: November 8, 2016
Resolves a vulnerability in Windows that could allow elevation of privilege.SummaryThis security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first have to...
CVE-2015-1147
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-1147
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password...
CVE-2009-4906
Cross-site request forgery CSRF vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords...