142 matches found
CVE-2022-1594
The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...
CVE-2022-1595
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...
Cross site request forgery (csrf)
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...
Cross site request forgery (csrf)
The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...
WordPress plugin HC Custom WP-Admin URL 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress plugin HC Custom WP-Admin URL 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
CVE-2021-25102
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirectto parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redire...
GHSA-483F-WXW9-3RPQ bbPress Cross-site Scripting (XSS) vulnerability
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter...
CVE-2022-22054
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...
CVE-2021-43812
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as...
CVE-2021-43812
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as...
CVE-2021-24939
The LoginWP Formerly Peter's Login Redirect WordPress plugin before 3.0.0.5 does not sanitise and escape the rulloginurl and rullogouturl parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue...
Improper access control
The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO...
CVE-2020-27147
The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO...
TIBCO Partnerexpress Authorization Issues Vulnerability
TIBCO Partnerexpress is a Php-based barcode generator by product name platform from Egavilan Media TIBCO, USA. A security vulnerability exists in TIBCO PartnerExpress 6.2.0, which stems from the REST API component containing a vulnerability that could theoretically be exploited by an...
Password Reset Landing Page (PRLP) - Highly critical - Access bypass - SA-CONTRIB-2020-021
This module enables you to force a password update when using password reset link. The module doesn't sufficiently validate the login URL allowing a malicious user to use a specially crafted URL to log in as another user...
CVE-2019-9206
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued...
DRUPAL-CONTRIB-2019-075
Open Social is a Drupal distribution for online communities. The included social\magic\login module doesn't sufficiently validate magic login URLs for user accounts that do not have a local password, but login via external systems. The lack of validation makes it possible for an adversary to forg...
WordPress login-or-logout-menu-item plugin redirection vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. login-or-logout-menu-item is used in one of the website user login/logout function plugin. A security vulnerability exists...
CVE-2019-10676
An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within t...