91 matches found
CVE-2023-49032
An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone...
CVE-2018-12421
LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...
CVE-2019-11652
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset SSPR versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset SSPR SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate...
CVE-2023-53958
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...
CVE-2023-53958
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...
EUVD-2025-204597
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...
CVE-2023-53958 LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...
CVE-2023-53958
LDAP Tool Box Self Service Password 1.5.2 is affected by a vulnerability in its password reset flow: attackers can manipulate the HTTP Host header during token generation, causing tokens to be sent to a attacker-controlled server and enabling potential account takeover by using stolen reset token...
PT-2025-52528
Name of the Vulnerable Software and Affected Versions LDAP Tool Box Self Service Password version 1.5.2 Description The software contains a password reset issue where attackers can manipulate HTTP Host headers during token generation. This allows crafting malicious password reset requests that...
EUVD-2019-3317
Malware in sbrugna...
EUVD-2019-3322
Malware in sbrugna...
EUVD-2010-4474
Malware in sbrugna...
EUVD-2020-4190
Malware in sbrugna...
EUVD-2006-6963
Malware in sbrugna...
EUVD-2020-4351
Malware in sbrugna...
EUVD-2020-18470
Malware in sbrugna...
EUVD-2023-53056
Malicious code in bioql PyPI...
EUVD-2022-0085
Malicious code in bioql PyPI...
CVE-2022-29700
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service DoS during password verification...
CVE-2020-25837
Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset SSPR product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information...