24 matches found
EUVD-2018-8772
Malware in sbrugna...
EUVD-2006-2546
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-23162
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/vf: Don't try to trigger a full GT reset if VF VFs don't have access to the GDRST0x941c register that driver uses to reset a GT. Attempt to trigger a res...
PT-2025-28034
Name of the Vulnerable Software and Affected Versions Netmake ScriptCase versions prior to 9.12.006 23 Description The Production Environment extension contains a flaw in the administrator password reset mechanism. An unauthenticated remote attacker can bypass authentication and take over the...
CVE-2025-48936
Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...
CVE-2025-29995
The CVE-2025-29995 entry refers to a vulnerability in the CAP back office application caused by a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit the vulnerable API endpoint to achieve account takeover of targeted us...
BMC TrackIt! Unauthenticated Arbitrary User Password Change
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BMC TrackIt! Unauthenticated Arbitrary User Password Change', 'Description' = %q This module exploits a flaw in the password reset mechanism in B...
CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...
CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...
Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab
CVE-2023-7028 | Account-Take-Over Gitlab Disclamer This co...
CVE-2023-30466 Authentication Bypass Vulnerability in Milesight Network Video Recorder (NVR)
This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a...
CVE-2023-30466
CVE-2023-30466 affects Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG/E/T/H/C). The root cause is a weak password-reset mechanism in the NVR web-based management interface, enabling a remote attacker to perform account takeover via specially crafted HTTP requests. The connected sources provid...
PT-2022-6293 · Апекс-Вуз · Апекс-Вуз
Name of the Vulnerable Software and Affected Versions: Апекс-ВУЗ affected versions not specified Description: The issue is related to the password reset mechanism in the education automation system, which uses the SHA-1 encryption algorithm with insufficient strength. This could allow a remote...
Authentication flaw
An authentication bypass account takeover vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php...
CVE-2021-41696
The CVE-2021-41696 entry concerns Premiumdatingscript 4.2.7.7, where an authentication bypass/account takeover arises from a weak password reset mechanism in requests\user.php. This vulnerability enables bypassing authentication without user interaction,典ically allowing unauthorized access and po...
CVE-2021-41696
An authentication bypass account takeover vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php...
CVE-2018-16988
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass account takeover exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a...
CVE-2018-16988
Open XDMoD
Vulnerability in Robots Can Lead To Costly Ransomware Attacks
CANCUN, Mexico – A vulnerability in Softbank Robotics’ NAO and Pepper robots can lead to costly ransomware attacks that could cause robots deployed in businesses to stop working, curse at customers, or even perform violent movements. The vulnerability was disclosed at Kaspersky Lab’s Security...
74cms最新版重置任意账号密码
简要描述: 密码重置机制可以绕过,同时可重置任意账号密码 demo测试成功 详细说明: 先看下 \user\usergetpass.php $act = !empty$REQUEST'act' ? trim$REQUEST'act' : 'enter'; $smarty-assign'headernav',"getpass"; if $act=='enter' $smarty-assign'title','找回密码 - '.$CFG'sitename'; $token=substrmd5mtrand100000, 999999, 8,16; //生成token...