5 matches found
Improper Authentication
ibexa/user is vulnerable to improper authentication. The vulnerability is due to an error in the password validation logic during the transition from v4 to v5, which allows an attacker to change the account password without knowing the previous password by exploiting an active authenticated sessi...
Ibexa User Bundle is missing password change validation
Impact The vulnerability is in the password change dialog in the back office. During the transition from v4 to v5 a mistake was made in the validation code which caused the validation of the previous password to not run as expected. This made it possible for a logged in user to change password in...
OpenDaylight Karaf Information Disclosure Vulnerability
OpenDaylight, a project of the Linux Foundation in the United States, is a set of community-driven open source software-defined networking frameworks that contain an ensemble of modules capable of performing networking tasks that need to be done quickly.Karaf is an OSGi-based runtime environment...
CVE-2016-2349
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password...