CVE-2024-30262
Contao CVE-2024-30262: In versions prior to 4.13.40, when a frontend member changes their password (in Personal Data or Password Lost modules), associated remember-me tokens are not cleared, allowing ongoing access if a token was compromised. The issue is fixed in Contao 4.13.40. A recommended wo...
CVE-2024-30262 Contao's remember-me tokens will not be cleared after a password change
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...
Contao: Remember-me tokens will not be cleared after a password change
Impact: When a front end member changes their password, the corresponding remember-me tokens are not removed. Patches: Update to Contao 4.13.40. Workarounds: Disable "Allow auto login" in the login module. References...
CVE-2024-0726
A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input...
CVE-2024-0726 Project Worlds Student Project Allocation System Admin Login Module admin_login.php cross site scripting
A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input...
CVE-2024-0726
CVE-2024-0726 affects Project Worlds Student Project Allocation System 1.0, specifically the Admin Login Module via the file admin_login.php. The vulnerability is a cross-site scripting (XSS) flaw caused by manipulating the msg argument (example input: test%22%3Cscript%3Ealert(%27Torada%27)%3C/sc...
PT-2024-15784 · Unknown · Project Worlds Student Project Allocation System
Name of the Vulnerable Software and Affected Versions: Project Worlds Student Project Allocation System version 1.0. Description: A vulnerability was found in the Admin Login Module, specifically affecting the file admin_login.php. The issue allows for cross-site scripting through the manipulation...
kafka: RCE/DoS via SASL JAAS JndiLoginModule configuration in Kafka Connect
A flaw was found in Apache Kafka Connect's REST API that permits configuration of SASL property by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a...
CVE-2023-0305
A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely...
CVE-2023-0305 SourceCodester Online Food Ordering System Login Module admin_class.php sql injection
A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely...
PT-2023-16160 · Unknown · Sourcecodester Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Food Ordering System, affected versions not specified. Description: A critical vulnerability was found in the SourceCodester Online Food Ordering System, affecting the Login Module in the file admin_class.php. The...
CVE-2022-45020
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request...
CVE-2022-3130
A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file /login.php. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
GHSA-2J6V-829G-885Q Magento Improper Access Control
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources...
PT-2021-23751 · Unknown · Sourcecodester Simple Subscription Website
Name of the Vulnerable Software and Affected Versions: Sourcecodester Simple Subscription Website version 1.0 Description: A SQL Injection issue exists via the login, allowing potential exploitation. Recommendations: For version 1.0, consider disabling the login functionality until a patch is...
FUEL-CMS access control error vulnerability
FUEL CMS is a CodeIgniter-based content management system. A brute-force cracking vulnerability exists in fuel/modules/fuel/controllers/Login.php in Fuel CMS version 1.5.0. An attacker can use this vulnerability to brute-force the administrator's email address...
Mitsubishi Electric MELSEC iQ-R series authorization issue vulnerability
The Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller from Mitsubishi Electric, Japan. An authorization issue vulnerability exists in the Mitsubishi Electric MELSEC iQ-R series, which arises from a flaw in the logic of the product login module. An attacker could lock out a...
Debian DLA-2583-1 : activemq security update
Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709 When using the OpenWire protocol in activemq, it was found that certain system details such as the OS and kernel version are exposed as plain text. CVE-2018-11775 TLS hostname...