22 matches found
EUVD-2018-8807
Malware in sbrugna...
CVE-2014-3792
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewToolsPassword and uiViewToolsPasswordConfirm parameters to...
CVE-2023-43183
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account...
CVE-2023-43183
CVE-2023-43183 affects Reprise License Manager (RLM) v15.1. An incorrect access control vulnerability allows a read-only user to arbitrarily change an administrator’s password and hijack the admin account. The issue is documented across multiple sources (NVD/Red Hat/CVE list) and has public PoCs/...
CVE-2023-36917
SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although the attack has no impa...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 Rev. Ax with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors...
CVE-2018-17023
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.38432738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to startapply.htm...
CVE-2017-9415
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view...
CVE-2017-1000008
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password...
Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications. Exploit Title: CSRF XFINITY Gateway product Technicolor (previously Cisco) DPC3941T. Date: 09/08/2016. Exploit Author: Ayushman Dutta. Version: dpc3941-P20-18-v303r20421733-160413a-CMCST. CVE: CVE-2016-7454. The Device DPC3941T is vulnerable to...
CVE-2013-6852
CVE-2013-6852 affects HP 2620 switches, specifically the vulnerable component is the html/json.html CSRF implementation. The issue allows remote attackers to hijack administrator authentication and issue requests that change the device password via the setPassword method. The underlying root caus...
CVE-2013-5316
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in modules/config/adminutente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password...
Linux/MIPS - add user (UID 0) with password - 164 bytes
Linux/MIPS - add userUID 0 with password - 164 bytes. Shellcode exploit for linux platform / Title: Linux/MIPS -add userUID 0 with password - 164 bytes Date: 2011-11-24 Author: rigan - imrigan at gmail.com Note: Username - rOOt Password - pwn3d / include char sc = "\x24\x09\x73\x50" // li t1,2952...
CVE-2009-4827
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action...
WordPress Hack Linked to Database Password Hijack
Malicious hackers have found a way to hijack WordPress database credentials and use that information to redirect thousands of blogs to Web sites laden with malware. The attacks, which started last Friday, occurred mostly on WordPress blogs hosted by Network Solutions but it appears that there are...