Total: 165 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12421 | 1 Ltb-project | 1 Ldap Tool Box Self Service Password | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string. | |||||
CVE-2017-0921 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. | |||||
CVE-2017-8916 | 1 Cisecurity | 1 Cis-cat Pro Dashboard | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access. | |||||
CVE-2014-6412 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 5.0 MEDIUM | 8.1 HIGH |
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. | |||||
CVE-2017-17097 | 1 Gps-server | 1 Gps Tracking Software | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php. | |||||