4 matches found
CVE-2024-28143
The CVE-2024-28143 issue affects Image Access Scan2Net software (Image Access Germany) via the password-change function at /cgi/admin.cgi, where the current/old password is not required. This enables an attacker to set a new password for a user without knowing the old one, potentially via CSRF. T...
DirectCyber Evolution Controller 安全漏洞
DirectCyber Evolution Controller is an access control controller software from DirectCyber, Inc. that is used to controller physical access to facilities. A security vulnerability exists in DirectCyber Evolution Controller version 2.x and prior versions that stems from default credentials on the...
CVE-2019-20481
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480...
Hiro: No Confirmation Email For Email Change
https://forum.blockstack.org/u/username/preferences/email Hello, it looks like there is a security flaw in this part. While changing email address from email1 to email2. A Confirmation email is sent to email2 not to email1 which is the main account. This can lead to account lost if someone has us...