259 matches found
VulnCheck KEV: CVE-2016-20017
D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter...
CVE-2018-9161
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...
D-Link DIR-615 Wireless N 300 Router Authentication Bypass Vulnerability
The D-Link DIR-615 Wireless N 300 is a wireless router product from AUO D-Link. A security vulnerability exists in the D-Link DIR-615 Wireless N 300 router that stems from the program not validating the password field. An attacker can bypass authentication by sending a modified POST request to th...
Xavier 2.4 SQL Injection
Document Title: Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2076 | Release Date: 2017-06-06 | Vulnerability Laboratory ID (VL-ID): 20...
CVE-2016-10329
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header...
CVE-2016-3109
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code...
SQL Injection Vulnerability in Shield Spirit Public Number Promotion System Login.php
The Shield Spirit public number promotion system is mainly used for public number promotion affiliates. A SQL injection vulnerability exists in login.php of the Shield Spirit public number promotion system. Because the username variable in the statement takes its data directly from POST, it allows...
ZKTeco ZKBioSecurity 3.0 Local Privilege Bypass Vulnerability
ZKBioSecurity is a comprehensive management platform for biometric security. A local privilege bypass vulnerability exists in ZKTeco ZKBioSecurity 3.0, which is caused by the visLogin.jsp script processing login requests via the 'EnvironmentUtil.getClientIprequest' method, allowing an attacker to...
ZKTeco ZKBioSecurity 3.0 User Enumeration
ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator...
CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter...
Mango Automation 2.6.0 User Enumeration
Mango Automation 2.6.0 User Enumeration Weakness Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to...
KnowledgeTree 'login.php' Cross-Site Scripting Vulnerability
KnowledgeTree is a Web-based open source document management system. A cross-site scripting vulnerability exists in KnowledgeTree login.php, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive information or...
Hotspot Express hotEx Billing Manager cgi-bin/hotspotlogin.cgi Cross-Site Scripting Vulnerability
Hotspot Express hotEx Billing Manager is a billing management system. A cross-site scripting vulnerability in Hotspot Express hotEx Billing Manager cgi-bin/hotspotlogin.cgi allows attackers to submit special reply parameters to inject malicious HTML or scripts and obtain sensitive information...
CVE-2014-5408
Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2014-5408 Nordex NC2 Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter...
Ultra Electronics AEP Ultra Protect Multiple Vulnerabilities
Ultra Electronics AEP Ultra Protect is prone to multiple vulnerabilities.
YaBB 1.40/1.41 Login Cross-Site Scripting Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB (Yet Another Bulletin Board) forum login script. HTML tags or script code are not sanitized from the error output of erroneous login attempts. As ...
Whale Communications e-Gap Security Appliance 2.5 Login Page Source Code Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9431/info The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of th...
Emumail EMU Webmail 5.2.7 emumail.fcgi Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/9861/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported...
cPanel 5/6/7/8/9 Login Script Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9855/info A potential remote command execution vulnerability has been discovered in the cPanel application. This issue occurs due to insufficient sanitization of externally supplied data to the login script. An attacker m...