Login Security Vulnerabilities

CVE-2017-8875

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect...

6.5 CVSS

6.6 AI Score

0.001 EPSS

2017-05-10 05:29 AM
20

CVE-2015-6829

Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP...

8.9 AI Score

0.005 EPSS

2015-09-16 02:59 PM
19

CVE-2015-5511

The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social...

6.9 AI Score

0.003 EPSS

2015-08-18 06:00 PM
22

CVE-2015-4395

The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the...

6.1 AI Score

0.002 EPSS

2015-06-15 02:59 PM
30

CVE-2015-4153

Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to...

9.4 AI Score

0.083 EPSS

2015-06-10 06:59 PM
35

CVE-2014-6312

Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo...

6.7 AI Score

0.006 EPSS

2014-10-15 02:55 PM
25

CVE-2014-5665

The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6 AI Score

0.0005 EPSS

2014-09-22 10:55 AM
14

CVE-2014-4576

Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl...

6 AI Score

0.001 EPSS

2014-07-02 06:55 PM
23

CVE-2014-3882

Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary...

7.5 AI Score

0.002 EPSS

2014-06-25 11:19 AM
35

CVE-2013-4178

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password...

7 AI Score

0.004 EPSS

2014-05-29 02:19 PM
17

CVE-2013-4177

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified...

7.2 AI Score

0.003 EPSS

2014-05-29 02:19 PM
20

CVE-2012-0959

Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login...

6.2 AI Score

0.001 EPSS

2012-11-24 08:55 PM
23

CVE-2012-2759

Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to...

6 AI Score

0.003 EPSS

2012-05-22 04:55 PM
14

CVE-2010-2945

The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and...

8.8 AI Score

0.0004 EPSS

2010-08-30 08:00 PM
31

CVE-2009-1756

SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its...

6.1 AI Score

0.0004 EPSS

2009-05-22 11:52 AM
29

CVE-2008-5855

myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for...

6.7 AI Score

0.003 EPSS

2009-01-06 05:30 PM
20

CVE-2008-5854

Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. NOTE: some of these details are obtained...

5.9 AI Score

0.003 EPSS

2009-01-06 05:30 PM
26

CVE-2008-5763

PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path...

7.5 AI Score

0.008 EPSS

2008-12-30 08:30 PM
31

CVE-2008-5762

Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for...

6.5 AI Score

0.003 EPSS

2008-12-30 08:30 PM
20

CVE-2007-5787

Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for...

6.5 AI Score

0.005 EPSS

2007-11-01 04:46 PM
14

CVE-2003-1434

login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or...

7.4 AI Score

0.01 EPSS

2007-10-23 01:00 AM
20

CVE-2007-4526

The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this...

5.9 AI Score

0.0005 EPSS

2007-08-25 12:17 AM
18

CVE-2007-4342

PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: a third party disputes this vulnerability because of the special nature of the SERVER superglobal...

7.5 AI Score

0.02 EPSS

2007-08-14 06:17 PM
19

CVE-2007-1766

PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root...

7.6 AI Score

0.131 EPSS

2007-03-30 12:19 AM
21

CVE-2006-7078

Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained.....

6.2 AI Score

0.006 EPSS

2007-03-02 09:18 PM
15

CVE-2007-0401

SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row...

8.3 AI Score

0.002 EPSS

2007-01-22 06:28 PM
22

CVE-2007-0400

Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword...

5.7 AI Score

0.005 EPSS

2007-01-22 06:28 PM
20

CVE-2006-6861

Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to...

8.9 AI Score

0.002 EPSS

2007-01-04 10:00 PM
20

CVE-2006-6862

Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2)...

6 AI Score

0.004 EPSS

2007-01-04 10:00 PM
19

CVE-2006-6816

Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent.....

8.9 AI Score

0.006 EPSS

2006-12-29 11:28 AM
23

CVE-2006-6815

Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in....

5.7 AI Score

0.003 EPSS

2006-12-29 11:28 AM
22

CVE-2005-4606

SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName...

8.4 AI Score

0.003 EPSS

2006-01-03 10:00 PM
27

CVE-2002-1720

SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows remote attackers to bypass authentication and gain privileges via the password...

8.7 AI Score

0.005 EPSS

2005-06-21 04:00 AM
24

Total number of security vulnerabilities: 333