Emumail EMU Webmail 5.2.7 nit.emu Information Disclosure
Source: http://www.securityfocus.com/bid/9861/info. Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported...
VEGO Links Builder 2.0 Login Script SQL Injection Vulnerability
Source: http://www.securityfocus.com/bid/16108/info. VEGO Links Builder is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation...
Livingcolor Livingmailing 1.3 LOGIN.ASP SQL Injection Vulnerability
Source: http://www.securityfocus.com/bid/13836/info. livingmailing is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script. livingmailing 1.3 is reported...
PHP Login Script 2.0 Cross Site Scripting
Cross Site Scripting on PHP Login Script v2.0 + Date: 24/03/2014 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: http://php-login-script.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable File: login.php + Version: v2.0 + Exploit :...
dovecot security update
CentOS Errata and Security Advisory CESA-2013:0520 Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS...
Ollance Member Login script Multiple Vulnerabilities
Ollance Member Login script is prone to multiple vulnerabilities.
CVE-2011-1838
Vulnerability summary: TWiki before 5.0.2 contains multiple XSS flaws in TemplateLogin.pm, exploitable via the origurl parameter in both the view and login scripts. The OpenVAS NASL entry and CVE records corroborate the vulnerable module and vector. Impact (as described): cross-site scripting cou...
CVE-2011-1838
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script...
XSS vulnerability in Lantern CMS
Vulnerability ID: HTB22621 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinlanterncms1.html Product: Lantern CMS Vendor: Lantern http://www.lanterncms.com/www/html/7-home-page.asp Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions Vendor Notification: 22 September...
Lantern CMS Cross Site Scripting
Vulnerability ID: HTB22621 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinlanterncms1.html Product: Lantern CMS Vendor: Lantern http://www.lanterncms.com/www/html/7-home-page.asp Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions...
PHP Login Script v 2.3 SQL Injection vulnerability
Exploit for php platform in category web applications. PHP Login Script v 2.3 SQL Injection vulnerability. Exploit Title: PHP Login Script v 2.3 SQL Injection vulnerability. Date: 23/7 2010 Author:...
CVE-2009-2945
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-serve...
CVE-2009-2945
CVE-2009-2945 affects Stanford WebAuth WebLogin (weblogin/login.fcgi) versions 3.5.5, 3.6.0, 3.6.1. The issue arises when a POST is converted to a GET, causing user passwords to appear in URLs that may be logged by web servers, stored in browser history, or included in Referer headers. This enabl...
ZDI-09-058: Oracle Secure Backup Administration Server Authentication Bypass Vulnerability
ZDI-09-058: Oracle Secure Backup Administration Server Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-058 -- CVE ID: CVE-2009-1977 -- Affected Vendors: Oracle -- Affected Products: Oracle Secure Backup -- Vulnerability Details: This vulnerability allows...
Cross site scripting
Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the reroute parameter to the login script...
Oracle Application Server Portal 10g Cross Site Scripting Vulnerability
OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environment for accessing and interacting with enterprise software services and information resources. A vulnerability has been identified in Oracle Application Server 10g. This could b...
CVE-2008-5762
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slogusers.txt...
Simple Text-File Login script 1.0.6 (DD/RFI) Multiple Vulnerabilities
START 0x01 Informations: Script : Simple Text-File Login script 1.0.6 Download : http://www.hotscripts.com/jump.php?listingid=36777&jumptype=1 Vulnerability : Remote File Inclusion / Sensitive Data Disclosure Author : Osirys Contact : osirysatlivedotit Notes :...
Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion
START 0x01 Informations: Script : Simple Text-File Login script 1.0.6 Download : http://www.hotscripts.com/jump.php?listingid=36777&jumptype=1 Vulnerability : Remote File Inclusion / Sensitive Data Disclosure Author : Osirys Contact : osirysatlivedotit Notes : Proud to be Italian Greets: : XaDoS,...
RTH login.php uname Parameter SQL Injection
The remote host is running RTH, a web-based software testing framework written in PHP. The version of RTH installed on the remote host fails to sanitize input to the 'uname' array parameter of the 'login.php' script before using it in a database query. Provided PHP's 'magic_quotes_gpc' setting is...