Lucene search
K

128 matches found

wpexploit
wpexploit
added 2021/04/07 12:0 a.m.622 views

OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error

The plugin did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration...

4.3CVSS0.9AI score0.0163EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/04/07 12:0 a.m.34 views

OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error

The plugin did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration. PoC...

4.3CVSS0.5AI score0.0163EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2021/02/23 12:0 a.m.24 views

ASUS RT-AX3000 Denial of Service Vulnerability

ASUS RT-AX3000 is a firmware from ASUS Taiwan, China that runs in its routers.A security vulnerability exists in ASUS RT-AX3000 that could be exploited by an attacker to interrupt the use of the device's installation services via a continuous login error...

7.8CVSS3.2AI score0.02709EPSS
Exploits1References1
NVD
NVD
added 2021/02/05 10:15 p.m.18 views

CVE-2021-3229

Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.38410177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error...

7.8CVSS0.02709EPSS
Exploits1References3
Hacker One
Hacker One
added 2020/12/24 3:43 p.m.29 views

h1-ctf: Complete destruction of the Grinch server

Hackyholidays flag 1 First flag is just a matter of reading /robots.txt file: User-agent: Disallow: /s3cr3t-ar3a Flag: flag48104912-28b0-494a-9995-a203d1e261e7 flag 2 Visiting /s3cr3t-ar3a and opening it with developer tools gets the second flag: flagb7ebcb75-9100-4f91-8454-cfb9574459f7 It is...

7.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/05/08 12:0 a.m.6 views

The vulnerability of the input tool provided by Astra Linux SE/CE in the MS Windows AD domain “astra-winbind” allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the Astra Linux SE/CE input device in MS Windows AD domain, known as astra-winbind, is related to a user login error. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...

4.8CVSS5.5AI score
Exploits0References1
Citrix
Citrix
added 2020/02/14 12:0 a.m.9 views

UPM doesn't work randomly after VDA is rebooted

Intermittently UPM profile does not load, if user login immediately after the reboot...

7.1AI score
Exploits0
Citrix
Citrix
added 2020/01/28 12:0 a.m.8 views

Temporary User Profiles Received Instead of Citrix Profile Management Profiles

Citrix Profile Management has been installed and configured in the environment. A Citrix Profile Management Store has been setup for the users where their profiles should be stored. When a user logs in they are receiving a temporary windows user profile instead of a Citrix Profile Management...

6.8AI score
Exploits0
Prion
Prion
added 2020/01/19 8:15 p.m.10 views

Code injection

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...

5CVSS5.5AI score0.00972EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/12/31 5:15 p.m.4 views

CVE-2019-9206

PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued...

6.1CVSS6.4AI score0.01167EPSS
Exploits2References2
OSV
OSV
added 2019/09/17 9:15 p.m.15 views

CVE-2019-16392

SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages...

6.1CVSS5.6AI score
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:56 a.m.42 views

Security Bulletin: Login Error Messages Credential Enumeration in ClearQuest Web (CVE-2014-3105)

Summary IBM Rational ClearQuest Web for OSLC integration is vulnerable to Login Error Messages Credential Enumeration. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with your...

5CVSS1.3AI score0.01667EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2018/06/01 5:0 p.m.16 views

CVE-2018-11581

Cross-site scripting XSS vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html...

5AI score0.0161EPSS
Exploits0References2
Citrix
Citrix
added 2017/11/15 12:0 a.m.7 views

StoreFront Logon Error "Your Request Could Not be Completed"

User are unable to logon and get Event ID 7 and 8 in the event logs, with errors "The template named: UsernamePassword could not be found." and an exception "The creation of a form failed"...

7AI score
Exploits0
CNVD
CNVD
added 2016/09/28 12:0 a.m.2 views

Google Chrome Login Error Security Bypass Vulnerability

Google Chrome is a popular web browser. A security bypass vulnerability exists in Google Chrome. An attacker can exploit this vulnerability to bypass sandbox security restrictions...

6.8AI score
Exploits0References1
Citrix
Citrix
added 2016/09/15 12:0 a.m.9 views

StoreFront 2.5 not loading apps

Storefront URL when logging in doesn't load any applications and just comes up after logging in with "Spinning wheel" Issue is fixed by rebooting the Storefront servers every time it happens. Also sometimes "Cannot complete you request" error comes after login...

7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2015/10/28 10:59 a.m.3 views

CVE-2015-7902

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests...

5CVSS5.5AI score0.03498EPSS
Exploits1References2
Veeam
Veeam
added 2013/08/23 12:0 a.m.16 views

Error: Username or password is incorrect when adding vCloud Director

Challenge Encountering issue "Error: Username or password is incorrect" when adding vCloud Director to Veeam Backup & Replication. Solution 1. Verify that the correct password is being utilized. 2. Ports, Permissions, or DNS issues can cause this failure: 1. Ensure connectivity between the Veeam...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2010/09/20 8:6 a.m.58 views

SMB File Upload Utility

This module uploads a file to a target share and path. The only reason to use this module is if your existing SMB client is not able to support the features of the Metasploit Framework that you need, like pass-the-hash authentication. This module requires Metasploit: https://metasploit.com/downlo...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2009/12/17 12:0 a.m.15 views

Daloradius XSS Vulnerability

No description provided by source. Script Name : daloradius All Version Bug Type : XSS vulnerability Found by : Hadi Kiamarsi Contact : hadikiamarsi at hotmail.com Download : http://sourceforge.net/projects/daloradius/ PoC : http://target/path/daloradius-users/login.php?error="scriptalert'Hadi...

7.1AI score
Exploits0
Rows per page
Query Builder