EUVD-2018-21648
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authenticati...
CVE-2018-25196 ServerZilla 1.0 SQL Injection via email Parameter
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authenticati...
PT-2026-23705
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authenticati...
EUVD-2017-5646
Malware in sbrugna...
EUVD-2021-25561
Malware in sbrugna...
CVE-2025-59747 Multiple vulnerabilities in AndSoft's e-TMS
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in...
Movable Type Input Validation Error Vulnerability
Movable Type is a content management system from Movable Type, Inc. A security vulnerability exists in Movable Type that stems from the possibility that invalid parameters may be inserted into the password reset page, resulting in a redirection to an arbitrary URL...
DotCMS Security Vulnerability
DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in DotCMS that originates from a URL parameter in the login page for resetting a password that can inject HTML code...
CVE-2023-51741
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim's network traffic to extract the username and password from the web...
Authentication flaw
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim's network traffic to extract the username and password from the web...
CVE-2023-51741 Cleartext Submission of Password vulnerability in Skyworth Router
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim's network traffic to extract the username and password from the web...
CVE-2024-0425
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=resetadminpsw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the publ...
GHSA-7J9H-3JXF-3VRF Denial of service vulnerability on Password reset page
Impact Previous versions of Kiwi TCMS do not impose rate limits which makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may...
CVE-2023-25171 Kiwi TCMS has denial of service vulnerability on Password reset page
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...
CVE-2022-43364
CVE-2022-43364 affects IP-COM EW9 (firmware V15.11.0.14(9732)). An access-control flaw on the password-reset page allows unauthenticated attackers to arbitrarily change the admin password. CVSSv3.1 metrics in NVD/CVE entries: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (base score 7.5, HIGH). Attack vect...
CVE-2021-39125
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1...
PT-2021-22389 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.5.10; Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.1.
Description: The issue allows anonymous remote attackers to discover usernames of users via an enumeration...
UsersWP < 1.2.2.29 - Reflected Cross-Site Scripting
The plugin sanitises user input via sanitizetextfield but does not escape it before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues on the reset page made by the plugin: https://example.com/reset/?key=a&login=%22accesskey=X%20onclick=alert1%20b=%22...
XSS vulnerability on password reset page
Impact For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password...