23 matches found
CVE-2023-53969
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...
EUVD-2025-38303
The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...
Telesquare TLR-2005Ksh security vulnerability
The Telesquare TLR-2005Ksh is a wireless router from the South Korean company Telesquare. A security vulnerability exists in Telesquare TLR-2005Ksh version 1.1.4, which originates from a request to the admin.cgi parameter setUserNamePassword that allows unauthorized password changes...
CVE-2023-47577
An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password...
CVE-2023-47577
CVE-2023-47577 affects Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0. The root cause is lack of current-password verification when changing passwords, enabling unauthorized changes. CVSSv3.1 base score is 9.8 (CRITICAL) with Network attack vector, Low attack complexity, Privileges Required: None, U...
CVE-2023-44374
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.0, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.0, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.0, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.0, SCALANCE...
SolusVM-WHMCS-Module security vulnerability
SolusVM-WHMCS-Module is a module. A security vulnerability exists in SolusVM-WHMCS-Module version 4.1.2 that originates from allowing an attacker to make unauthorized changes to passwords and hostnames of other client servers...
Advisory ROSA-SA-2022-2062
Software: samba 4.12.12; OS: rosa-server79; packageevrstring: samba-4.12.12-3; CVE-ID: CVE-2022-32744; BDU-ID: 2022-04687; CVE-Crit: Not Relevant; CVE-DESC: A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own...
Cognex 3D-A1000 Dimensioning System
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Cognex Equipment: 3D-A1000 Dimensioning System Vulnerabilities: Missing Authentication for Critical Function, Improper Output Neutralization for Logs, Client-side Enforcement of Server-side Security 2...
Samba Privilege Escalation Vulnerability (CVE-2022-32744)
Samba is prone to a privilege escalation vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you c...
Sylius code issue vulnerability
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. Sylius suffers from a code issue vulnerability that could lead to existing token leakage and unauthorized password changes. No details of the vulnerability are currently available...
Sylius code issue vulnerability
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. Sylius suffers from a code issue vulnerability that could lead to existing token leakage and unauthorized password changes. No details of the vulnerability are currently available...
Schneider Electric authorization issue vulnerability
Schneider Electric has a security vulnerability that originates from a Weak Password Recovery Mechanism for Forgotten Password vulnerability in Modicon Managed Switch MCSESM and MCSESP V8.21 and earlier. The vulnerability stems from a Weak Password Recovery Mechanism for Forgotten Password...
Siemens LOGO! 8 BM Information Disclosure Vulnerability
Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. Siemens LOGO! 8 BM is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to make unauthorized password or configuration changes to any...
Debian: Security Advisory (DSA-4589-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
ClonOs WEB UI 19.09 - Improper Access Control
ClonOs WEB UI 19.09 - Improper Access Control Exploit Title: ClonOs WEB UI 19.09 - Improper Access Control Date: 2019-10-19 Exploit Author: İbrahim Hakan Şeker Vendor Homepage: https://clonos.tekroutine.com/ Software Link: https://github.com/clonos/control-pane Version: 19.09 Tested on: ClonOs CV...
Adive Framework 2.0.7 - Cross-Site Request Forgery
Adive Framework 2.0.7 - Cross-Site Request Forgery Exploit Title: Adive Framework 2.0.7 - Cross-Site Request Forgery (CSRF) Date: 02/08/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://adive.es Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.7 Tested on: Window...
CVE-2016-10859
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65)...