22 matches found
EUVD-2021-14889
Malware in sbrugna...
EUVD-2009-4047
Malware in sbrugna...
CVE-2024-46610
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...
Logic Flaw Vulnerability in Forms System of Hunan Zhongda Numerical Information Technology Co.
Hunan Zhongda Numerical Information Technology Co., Ltd. is a technology-based company mainly engaged in regional Internet e-commerce new retail and platform development services. A logic flaw vulnerability exists in the form system of Hunan Zhongda Digital Wei Information Technology Co., Ltd. th...
Mars: change part of personal information all users
The report describes a vulnerability in the ██████████ website, where unauthorized access to an API endpoint allowed attackers to add new users and modify personal information of existing users. The vulnerability was classified as Improper Access Control. The issue stemmed from the absence of...
Design/Logic Flaw
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...
Override Access Vulnerability in Niushop Mall System
Shanxi NiuKu Information Technology Co., Ltd. is a technology company engaged in mobile-Internet-oriented development. The Niushop mall system has an override access vulnerability that attackers can exploit to modify other users' information...
Design/Logic Flaw
An issue was discovered in Telexy QPath 5.4.462. A low privileged authenticated user supplying a specially crafted serialized request to AdanitDataService.svc may modify user information, including but not limited to email address, username, and password, of other user accounts. The simplest atta...
CVE-2018-7718
CVE-2018-7718 affects Telexy QPath 5.4.462 where a low-privileged, authenticated user can craft a serialized request to AdanitDataService.svc to modify e.g. email, username, or password of other accounts. The documented attack path suggests intercepting a password-change request and altering the ...
Logic Flaw Vulnerability in the Frontend of FeiFeiCms 4.0.181010
FeiFeiCms is developed with PHP and MySQL and runs on Windows and Linux platforms. A logic flaw exists in the frontend of FeiFeiCms version 4.0.181010, which stems from a failure to properly filter user input and can be exploited by an attacker to modify user information...
Stored Cross-Site Scripting Vulnerability at User Information Modification in Five Fingers CMS
Five Fingers CMS is an open source content management system that supports LNAMP architecture. A stored cross-site scripting vulnerability exists in Five Fingers CMS at the modification of user information. Attackers can insert malicious JavaScript code in the page to obtain user cookies and other...
SQL Injection Vulnerability in the User Information Modification Interface of S-CMS School Building System
The S-CMS school website building system is a specialized enterprise website-building solution developed by Zibo Shining Network Technology Co., Ltd. A SQL injection vulnerability exists in the user information modification interface of S-CMS. An attacker can exploit the vulnerability ...
Bugzilla Input Validation Vulnerability
Bugzilla is a web-based bug tracking system used by a large number of software projects. Bugzilla has an input validation vulnerability that can be exploited by an attacker to modify user information...
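phpyun CSRF to change user password
Brief description: phpyun CSRF to change user password. Details: The request that updates user information has no CSRF protection. The user's email address can be modified. The password reset function sends the recovery verification code to the email address in the user's information. The two are exploited in combination. The request that modifies user information is:...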
Cicada-known Enterprise Portal system v2.5 SQL injection to admin-vulnerability warning-the black bar safety net
The problem is in the place where the user modifies their information, /system/module/user/control.php: public function edit($account = '') { if(!$account or RUNMODE == 'front') $account = $this->app->user->account; if($this->app->user->account == 'guest') $this->locate(inlink('login')); if(!empty($_POST...
CVE-2009-4076
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077...
bluecms 0day-vulnerability warning-the black bar safety net
Author: st0p. When reprinting, please indicate the source: http://www.st0p.org. Alas, a friend in the group made a CMS and said the user information modification section might be injectable, so we analyzed it together. After installing it locally, found that it can not be used in the magic_quotes_gpc = off case,...
CVE-2007-2017
siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request...
CVE-2006-4954
The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the inid parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by (1) modifying passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users...
CVE-2005-2038
Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page...