Lucene search

18 matches found

ATTACKERKB
added 2026/03/23 1:46 p.m., 1 view

CVE-2026-33297

WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...

9.1 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 1, References 3, Affected Software 1

CNNVD
added 2026/03/23 12:0 a.m., 4 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from a logical error in the setPassword.json.php endpoint of the CustomizeUser plugin. This error could cau...

9.1 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 1, References 2

Veracode
added 2026/03/21 5:15 a.m., 3 views

AVideo: IDOR - Any Admin Can Set Another User's Channel Password Via SetPassword.json.php

Summary The "setPassword.json.php" endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero befor...

9.1 CVSS, 5.9 AI score, 0.00055 EPSS
Exploits 1, Affected Software 1

RedhatCVE
added 2026/01/07 9:53 a.m., 5 views

CVE-2013-6852

Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method...

6.8 CVSS, 7.7 AI score, 0.00293 EPSS
Exploits 1, References 1

GithubExploit
added 2025/12/17 3:21 p.m., 117 views

Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit_Project Polkit

CVE-2021-3560 is an authenticatio...

7.8 CVSS, 7.2 AI score, 0.091 EPSS
Exploits 37

Veracode
added 2023/06/23 11:13 a.m., 14 views

Cross-Site Request Forgery (CSRF)

github.com/casdoor/casdoor is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in the SetPassword function at user.go due to a lack of CSRF token, which allows an attacker to change a user's password...

6.5 CVSS, 6.8 AI score, 0.00404 EPSS
Exploits 10, References 5, Affected Software 1

GithubExploit
added 2021/06/11 12:33 p.m., 69 views

Exploit for Incorrect Authorization in Polkit_Project Polkit

polkit-auto-exploit Automatic Exploitation PoC for Polkit CVE-2...

7.8 CVSS, 9 AI score, 0.091 EPSS
Exploits 37

OSV
added 2020/07/23 6:20 p.m., 9 views

GHSA-WVH7-5P38-2QFC Storing Password in Local Storage

The setPassword method (http://parseplatform.org/Parse-SDK-JS/api/2.9.1/Parse.User.html#setPassword) stores the user's password in localStorage as raw text, making it vulnerable to anyone with access to your localStorage. We believe this is the only time that password is stored at all. In the...

6.8 AI score
Exploits 0, References 3

seebug.org
added 2014/07/01 12:0 a.m., 20 views

uniForum <= 4 - (wbsearch.aspx) Remote SQL Injection Vulnerability

No description provided by source. Title : uniForum = v4 wbsearch.aspx Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : ... Vendor : http://uniforum.biz/ $$ : $99 SQL--------------------------------------------------------- http://target/path//wbsearch.aspx POST Method SQL...

7.1 AI score
Exploits 0

NVD
added 2010/07/28 12:48 p.m., 11 views

CVE-2010-0833

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass...

9.3 CVSS, 7.1 AI score, 0.00914 EPSS
Exploits 0, References 10

Cvelist
added 2010/07/27 10:0 p.m., 16 views

CVE-2010-0833

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass...

7.1 AI score, 0.00914 EPSS
Exploits 0, References 10

UbuntuCve
added 2010/07/26 12:0 a.m., 20 views

CVE-2010-0833

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass...

9.3 CVSS, 5.9 AI score, 0.00914 EPSS
Exploits 0, References 2

Positive Technologies
added 2008/09/29 12:0 a.m., 2 views

PT-2008-5562 · Microsoft · Internet Information Services

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Services (IIS) (affected versions not specified). Description: A certain ActiveX control in iisext.dll allows remote attackers to set a password via a string argument to the SetPassword method. However, this issue...

10 CVSS, 7 AI score, 0.26363 EPSS
Exploits 1, References 6

Cvelist
added 2008/01/04 1:0 a.m., 18 views

CVE-2008-0090

A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method...

6.6 AI score, 0.12537 EPSS
Exploits 1, References 3

seebug.org
added 2008/01/03 12:0 a.m., 11 views

DivX Player 6.6.0 ActiveX SetPassword() Denial of Service PoC

No description provided by source. object id="divx" classid="clsid:D050D736-2D21-4723-AD58-5B541FFB6C11" style="display:none;" /object script function crash var buff = ''; fori=0;i=500;i++ buff+="AAAAAAAAAA"; object = document.getElementById"divx"; object.SetPasswordbuff; /script pre h3uDivX...

7.1 AI score
Exploits 0

exploitpack
added 2008/01/02 12:0 a.m., 11 views

DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service (PoC)

DivX Player 6.6.0 - ActiveX SetPassword Denial of Service PoC function crash var buff = ''; fori=0;i DivX SetPassword npUpload.dll Denial of Service Tested on IE 7 and Divx Player 6.6.0 Registers: EAX 00000000 ECX FFFFFFFF EDX 0191CA50 EBX 008E06E0 ESP 0191C9E4 EBP 0191CA50 ESI 00000000 EDI...

0.6 AI score
Exploits 0

Exploit DB
added 2008/01/02 12:0 a.m., 39 views

DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC)

function crash var buff = ''; fori=0;i DivX SetPassword npUpload.dll Denial of Service Tested on IE 7 and Divx Player 6.6.0 Registers: EAX 00000000 ECX FFFFFFFF EDX 0191CA50 EBX 008E06E0 ESP 0191C9E4 EBP 0191CA50 ESI 00000000 EDI 00000000 EIP 061F2B52 npUpload.061F2B52 Access violation when readi...

7.4 AI score
Exploits 0

0day.today
added 2008/01/02 12:0 a.m., 16 views

DivX Player 6.6.0 ActiveX SetPassword() Denial of Service PoC

Exploit for unknown platform in category dos / poc ============================================================= DivX Player 6.6.0 ActiveX SetPassword Denial of Service PoC ============================================================= function crash var buff = ''; fori=0;i DivX SetPassword...

7 AI score
Exploits 0