Total
152 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5172 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links. | |||||
CVE-2017-7629 | 1 Qnap | 1 Qts | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. | |||||
CVE-2016-7038 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | 7.3 HIGH |
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. | |||||
CVE-2017-5594 | 1 Pagekit | 1 Pagekit | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01. | |||||
CVE-2016-2349 | 1 Bmc | 1 Remedy Action Request System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | |||||
CVE-2017-2766 | 1 Emc | 1 Documentum Eroom | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2017-7615 | 1 Mantisbt | 1 Mantisbt | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | |||||
CVE-2017-8385 | 1 Craftcms | 1 Craft Cms | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. | |||||
CVE-2016-8716 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2023-12-10 | 3.3 LOW | 7.5 HIGH |
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. | |||||
CVE-2017-8295 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message. | |||||
CVE-2016-5996 | 1 Ibm | 1 Tealeaf Customer Experience | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
CVE-2016-5997 | 1 Ibm | 1 Tealeaf Customer Experience | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack. |