Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change
28.04.2019
Cisco Talos
CVEMAP Search Results
CVE
Details
Description
2024-07-22
CVE-2024-37998
Updating...
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications.
2023-12-29
CVE-2023-4465
Updating...
A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.
2023-10-30
CVE-2023-5844
Updating...
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
2023-09-13
CVE-2023-4915
Updating...
The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (in the WP User Control Widget). The function changes the user's password after providing the email. The new password is only sent to the user's email, so the attacker does not have access to the new password.
2023-08-16
CVE-2023-4381
Updating...
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
2023-06-02
CVE-2023-3069
Updating...
Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.
2022-09-07
CVE-2022-3152
Updating...
Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20.
2022-08-22
CVE-2022-2930
Updating...
Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
2021-07-21
Low
CVE-2021-22773
Updating...
A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker connected to the charging station web server to modify the password of a user.
Copyright
2024
, cxsecurity.com
Back to Top
