The exploit allows an attacker to reset the administrator password for HughesNet HT2000W Satellite Modem by taking advantage of CVE-2021-20090, a path traversal vulnerability in the HTTP daemon. The exploit also exploits other vulnerabilities like improper use of httokens for authentication and leaking the MD5 hash of the password.
The vulnerability in GitLab CE/EE versions prior to 16.7.2 allows an attacker to perform a password reset on a user account without proper authorization. This could lead to unauthorized access to user accounts.
WebMax Portal is vulnerable to a password reset vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application. This will allow the attacker to reset the password of any user in the application.
LinkEx is a open source web application for exchanging link, which most of the porn sites uses it. First, go to the website http://site.com/linkex/?page=admin and click on forgot password and enter the captcha. Then, go to site.com/linkex/data/config/config and note down the 'key' parameter. Finally, use the key at site.com/linkex/?page=resetpassword&key=[key] to reset the password.
This vulnerability allows an attacker to reset the password of a user in AMS WebMail. The attacker can exploit this vulnerability by setting up a malicious web page with a JavaScript file that will send a request to the AMS WebMail server. The request will contain the user's email address and a reset password token. The attacker can then use the token to reset the user's password. The vulnerability is caused by the lack of proper input validation in the AMS WebMail server.
The issue can be triggered by an unauthenticated actor within the home network (LAN) only. The attacker doesn't need to specify a valid username to reset the password. He or she can enter a random string, and using the file disclosure issue it's possible to read the PIN needed for resetting. This in turn will disclose all the valid usernames in the emby server and reset all the passwords for all the users with a blank password. Attackers can exploit this to gain unauthenticated and unauthorized access to the emby media server management interface.
Anyremote user can reset the password by reading the debug log, the exploit can be successfully executed, if the debug option is enabled in the Pagekit CMS.
In Anuko Time Tracker v1.19.23.5311 and prior, the password reset link emailed to the user doesn't expire once used, hence the attacker could use the same link to take over the victim's account. An Attacker needs to have the link for successful exploitation. A malicious user could use the same password reset link of the victim multiple times to take over the account.
User controlled input is not sufficiently sanitized. Unauthenticated user can perform administrative operations without properly authorization. Ametys CMS only checks the authorization if the request includes /cms/ in the web request. By that, we can reset any password of users, including administrator users.