14 matches found
CVE-2022-35143
Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks...
EUVD-2024-25194
Malicious code in bioql PyPI...
CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...
CVE-2024-9418
CVE-2024-9418 affects transformeroptimus/superagi v0.0.14, where the API endpoint /api/users/get/{id} returns plaintext user passwords. This flaw enables an attacker to retrieve another user’s password, enabling potential account takeover. Connected reports confirm the issue and the affected comp...
CVE-2024-10215
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2023-4916 Login with phone number <= 1.5.6 - Cross-Site Request Forgery to User Password Change
The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwpupdatepasswordaction' function. This makes it possible for unauthenticated attackers to change user password via...
Brocade Fabric OS Information Disclosure Vulnerability
Brocade Fabric OS (FOS) is a set of embedded operating systems used in devices such as switches and routers from Brocade in the United States. An information disclosure vulnerability exists in Brocade Fabric OS versions prior to 7.4.2g. The vulnerability stems from incorrectly recording a user's...
Arbitrary User Password Reset Vulnerability in Bunker Busters
Bunker Fortress is the industry's first software form of the Fortress, providing a centralized authentication, centralized access authorization, centralized access management, centralized operation audit and a single point of simplified operation and management required for remote operations and...
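ECShop Arbitrary User Password Blind Change Vulnerability
Brief description: Minor issue. Detailed description: The ECShop password recovery feature has a design flaw: the password-change link never expires. Searching for keywords in a search engine makes it possible to reset the passwords of some users on ECShop sites. Without knowing the username it is not possible to log in, so the password can only be changed blindly. Google: inurl:user.php?act=getpassword&uid= Open a link: http://class.enfamily.cn/user.php?act=getpassword&uid=277576&code=09d77a40ca80fdfbd33315131e554bb0 Enter any password, for example: wooyun. The change succeeds, but without knowing the username it is not possible to log in. Other search engines...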
Mysteriously replaced Windows XP user password-vulnerability warning-the black bar safety net
A Windows XP startup script (startup scripts) is a batch file that the computer runs before the login screen appears. It functions similarly to autoexec.bat, the batch file executed automatically under Windows 9x and DOS. Using this feature, you can write a batch file to reset the user password, and...
How to get the login password in Windows 2003-vulnerability warning-the black bar safety net
In all NT systems, there are several ways to get the logged-in user's password. I know of three methods that can achieve this. 1. Hook several functions in winlogon. A program of this type is also available on the Internet, a project called winlogonhijack offered on rootkit.com, but that project...
CVE-2003-0968
Stack-based buffer overflow in SMBLogonServer of the rlmsmb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute...
CVE-1999-0156
CVE-1999-0156 affects wu-ftpd FTP daemon. The vulnerability allows any user and password combination, effectively bypassing authentication and potentially granting unauthorized access. Public sources in the provided documents confirm authentication bypass but do not specify concrete exploitation ...
CVE-1999-0156
wu-ftpd FTP daemon allows any user and password combination...