Sourcecodester Online Leave Management System SQL Injection Vulnerability
SourceCodester Online Leave Management System is an online leave management system. v1 of SourceCodester Online Leave Management System is vulnerable to SQL injection. system/classes/Login.php parameter lacks effective filtering and escaping, which can be exploited to execute arbitrary SQL comman...
Pluck Authorization Issue Vulnerability
Pluck is a content management system CMS developed using the PHP language. Pluck-CMS Pluck suffers from an authorization issue vulnerability that stems from a session repair vulnerability in login.php that allows an attacker to maintain unauthorized access to the platform. Since Pluck does not...
CVE-2021-43130
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System CRM 1.0 via the username parameter in customer/login.php...
Cisco AnyConnect Secure Mobility Client Security Vulnerability
An elevation of privilege vulnerability exists in Cisco AnyConnect Secure Mobility Client, a VPN client software for secure connections from Cisco, which results from the assignment of incorrect privileges to a script executed before a user logs in. The vulnerability is caused by assigning the...
IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration
IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration Vendor: IntelliChoice, Inc. Product web page: https://www.eforcesoftware.com Affected version: 2.5.9.6 2.5.9.5 2.5.9.3 2.5.9.2 2.5.9.1 2.5.8.0 2.5.7.20 2.5.7.18 2.5.6.18 2.5.4.6 2.5.3.11 Summary: IntelliChoice is a United States...
IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration
Exploit Title: IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration Date: 03.05.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.eforcesoftware.com IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration Vendor: IntelliChoice, Inc. Product web page:...
IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration Vulnerability
Exploit Title: IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration Exploit Author: LiquidWorm Vendor Homepage: https://www.eforcesoftware.com IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration Vendor: IntelliChoice, Inc. Product web page: https://www.eforcesoftware.com...
IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration
Summary IntelliChoice is a United States software company that was founded in 2003, and offers a software title called eFORCE Software Suite. eFORCE Software Suite is law enforcement software, and includes features such as case management, court management, crime scene management, criminal...
CVE-2020-7848
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value...
SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration Weakness
Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
CVE-2020-17506
Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...
CVE-2020-14068
An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executarlogin.php...
CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...
CVE-2019-19484
Open redirect via parameter ‘p’ in login.php in Centreon 19.04.4 and below allows an attacker to craft a payload and execute unintended behavior...
PT-2019-6424 · Ruijie · Ruijie Eg-2000 Series Gateway
Name of the Vulnerable Software and Affected Versions: Ruijie EG-2000 series gateway versions EG-2000SE EG RGOS 11.11B1. Description: The issue is related to a buffer overflow in the client.so file of the Ruijie EG-2000 series gateway. This allows an attacker to login to any account without...
CVE-2019-16057
The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection...
CVE-2017-6900
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...
CVE-2018-6320
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure PCS 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an https Host header received from the browser is trusted without validation...
PT-2018-3857 · Mitsubishi · Mitsubishi Electric Smartrtu
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric SmartRTU affected versions not specified Description: The issue is related to the lack of protection for the web page structure in Mitsubishi Electric SmartRTU, allowing an attacker to conduct cross-site scripting attacks...