33 matches found
Webmin 1.920 password_change.cgi Backdoor Exploit
This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attackers inserted Perl qx statements into the build server's source code on two separate...
Webmin password_change.cgi Backdoor
This module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attackers inserted Perl qx statements into the build server's source code on two separate occasions: onc...
CVE-2018-9082
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their...
CVE-2018-6023
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc...
Dodocool DC38 N300 - Cross-site Request Forgery
Exploit Title: DODOCOOL DC38 N300 Cross-site Request Forgery; Date: 17-01-2018; Exploit Authors: Raffaele Sabato; Contact: https://twitter.com/syrion89; Vendor: DODOCOOL; Vendor Homepage: www.dodocool.com; Version: RTN2-AW.GD.R3465.1.20161103; CVE:...
CVE-2017-7505
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organizations can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global...
CVE-2015-3270
Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords...
MySQL 3.22.27/3.22.29/3.23.8 GRANT Global Password Changing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/926/info MySQL is a popular RDBMS used by many websites as a back-end. It is possible for users with GRANT access to change passwords for every user in the database including the mysql superuser. MySQL also ships with a...
IPNPro3 <= 1.44 - Admin Password Changing Exploit
No description provided by source.
Scientific Linux Security Update : pam_krb5 on SL3.x i386/x86_64
These updated pam-krb5 packages fix a bug which caused user authentication to fail under certain circumstances. When authenticating a user, if the user's password was expired, the module would attempt to obtain password-changing credentials in order to verify the user's password. When the module...
Scientific Linux Security Update : pam_krb5 on SL5.x i386/x86_64
A flaw was found in pam_krb5. In some non-default configurations (specifically, those where pam_krb5 would be the first module to prompt for a password), the text of the password prompt varied based on whether or not the username provided was a username known to the system. A remote attacker could us...
Ubuntu 9.10 / 10.04 LTS / 10.10 : krb5 vulnerability (USN-1116-1)
Felipe Ortega discovered that kadmind did not correctly handle password changing error conditions. An unauthenticated remote attacker could exploit this to crash kadmind, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from...
krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]
An advisory published by the MIT Kerberos team says: The password-changing capability of the MIT krb5 administration daemon kadmind has a bug that can cause it to attempt to free an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of...
pam_krb5 security and bug fix update
2.2.14-15 - update backport for selecting which key to use for validation so that it prefers services with the local host name as the instance, from HEAD more of 450776 2.2.14-14 - backport the 'multiple_ccaches' option from HEAD, requiring that it be enabled to not immediately remove an old ccach...
MetaBBS 0.11 Password Changing Exploit
Metabbs 0.11 2008-08-06 19:56 Admin password Header file Footer File Site theme Language Always Use Default Language TimeZone...
ReVou Twitter Clone Admin Password Changing Exploit
Exploit for unknown platform in category web applications.
ReVou Twitter Clone Admin Password Changing Exploit
No description provided by source.
PayPal eStore Admin Password Changing Exploit
No description provided by source.
Bonza Cart <= 1.10 Admin Password Changing Exploit
No description provided by source.
Bonza Cart 1.10 - Admin Password Changing
Bonza Cart 1.10 - Admin Password Changing === LIVE === » removed... === Greetz === » ALLAH » Tornado2800 »...