18 matches found
CVE-2020-37172
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37158
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37158 AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37158 AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37158
AVideo Platform 8.1 is affected by a cross-site request forgery that enables an attacker to reset user passwords via the password recovery flow. The vulnerability arises from abusing the recoverPass endpoint using a user’s recovery token to change credentials without authentication. Affected comp...
CVE-2020-37158
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37172
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37172
CVE-2020-37172 affects AVideo Platform 8.1. The issue is a cross-site request forgery that lets an unauthenticated attacker use a user’s recovery token via the recoverPass endpoint to change credentials, including password reset. The vulnerability is evaluated with a CVSS v3.1 base score of 9.8 (...
CVE-2020-37172 AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37172 AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
PT-2026-7671
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
WWBN AVideo License Issue Vulnerability
WWBN AVideo is a video platform builder written in PHP by the WWBN team. WWBN AVideo suffers from an authorization issue vulnerability that stems from an under-entropy vulnerability in the recoverPass generation method on the userRecoverPass.php page...
PT-2024-13757 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: An insufficient entropy issue exists in the userRecoverPass.php recoverPass generation functionality. This can be exploited by sending a specially crafted HTTP request, potentially leading...
CVE-2021-21286
AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the...
CVE-2021-21286
AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the...
CVE-2021-21286 Authorization Bypass in AVideo Platform
AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the...
ClipShare 2.6 Remote User Password Change Exploit
No description provided by source. !/usr/bin/perl -w priv8 Pr0metheuS Exploit Name: Clipshare Remote User Password Change Exploit Version Script: Clipshare 2.6 Dork: "Powered by Clipshare" EnjoY print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"; print "\nClipshare 2.6 Remote User Passord...
ClipShare 2.6 - Remote User Password Change
!/usr/bin/perl -w priv8 Pr0metheuS Exploit Name: Clipshare Remote User Password Change Exploit Version Script: Clipshare 2.6 Dork: "Powered by Clipshare" EnjoY print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"; print "\nClipshare 2.6 Remote User Passord Change Exploit\n"; print "\nBy...