24 matches found
EUVD-2015-8155
Malware in sbrugna...
HughesNet HT2000W Satellite Modem Password Reset
Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Date: 7/16/24 Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib re...
GHSA-W969-PQ6X-267J INTER-Mediator Cross-Site Scripting (XSS)
Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the "INTER-Mediator-master/AuthSupport/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML...
Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system
✍️ Description Application is vulnerable to XSS through key parameter. Line 85 of membershippasswordReset.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in membershippasswordReset.php at line 85...
CVE-2020-13421
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions...
CVE-2015-7567
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter...
SQL injection
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter...
CVE-2017-14134
CVE-2017-14134 affects Maplesoft Maple T.A. 2016.0.6 (Customer Hosted). The vulnerability is a Reflected XSS in the forgotten password page, exploitable via the emailAddress parameter to passwordreset/PasswordReset.do. CVSS details indicate low to moderate impact (Confidentiality/Integrity potent...
Cross site scripting
Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the "INTER-Mediator-master/AuthSupport/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML...
CVE-2017-6484
Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the "INTER-Mediator-master/AuthSupport/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML...
InvoicePlane Password Reset Vulnerability
InvoicePlane is a free and open source goods billing and customer management software. A password reset vulnerability exists in the index.php/sessions/passwordreset page of InvoicePlane version 1.4.8, which can be exploited by an attacker to reset the password of any user...
CVE-2015-8267
The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username...
Design/Logic Flaw
The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username...
CVE-2015-8267
The vulnerability CVE-2015-8267 affects Dovestones AD Self Password Reset prior to 3.0.4.0, where PasswordReset.Controllers.ResetController.ChangePasswordIndex() in PasswordReset.dll fails to properly validate the requesting user. An unauthenticated, remote attacker can reset arbitrary passwords ...
KLA10726 Security bypass vulnerability in Dovestones AD Self Password Reset
An unspecified vulnerability was found in Dovestones AD Self Password Reset. By exploiting this vulnerability malicious users can reset arbitrary passwords. This vulnerability can be exploited remotely via a specially designed request. Technical details This vulnerability related to...
Automattic: User Enumeration and Guessable User Account Attack on WORDPRESS
Hello, I found another bug on https://wordpress.com. Here any hacker can find out all registered users on wordpress.com. Here are the details of the same. How is wordpress.com working? ============================ 1. You have Reset Password Page --...
CVE-2014-3966
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username...