128 matches found
OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
The plugin did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration...
OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
The plugin did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration. PoC...
ASUS RT-AX3000 Denial of Service Vulnerability
ASUS RT-AX3000 is a firmware from ASUS Taiwan, China that runs in its routers.A security vulnerability exists in ASUS RT-AX3000 that could be exploited by an attacker to interrupt the use of the device's installation services via a continuous login error...
CVE-2021-3229
Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.38410177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error...
h1-ctf: Complete destruction of the Grinch server
Hackyholidays flag 1 First flag is just a matter of reading /robots.txt file: User-agent: Disallow: /s3cr3t-ar3a Flag: flag48104912-28b0-494a-9995-a203d1e261e7 flag 2 Visiting /s3cr3t-ar3a and opening it with developer tools gets the second flag: flagb7ebcb75-9100-4f91-8454-cfb9574459f7 It is...
The vulnerability of the input tool provided by Astra Linux SE/CE in the MS Windows AD domain “astra-winbind” allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the Astra Linux SE/CE input device in MS Windows AD domain, known as astra-winbind, is related to a user login error. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...
UPM doesn't work randomly after VDA is rebooted
Intermittently UPM profile does not load, if user login immediately after the reboot...
Temporary User Profiles Received Instead of Citrix Profile Management Profiles
Citrix Profile Management has been installed and configured in the environment. A Citrix Profile Management Store has been setup for the users where their profiles should be stored. When a user logs in they are receiving a temporary windows user profile instead of a Citrix Profile Management...
Code injection
Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...
CVE-2019-9206
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued...
CVE-2019-16392
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages...
Security Bulletin: Login Error Messages Credential Enumeration in ClearQuest Web (CVE-2014-3105)
Summary IBM Rational ClearQuest Web for OSLC integration is vulnerable to Login Error Messages Credential Enumeration. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with your...
CVE-2018-11581
Cross-site scripting XSS vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html...
StoreFront Logon Error "Your Request Could Not be Completed"
User are unable to logon and get Event ID 7 and 8 in the event logs, with errors "The template named: UsernamePassword could not be found." and an exception "The creation of a form failed"...
Google Chrome Login Error Security Bypass Vulnerability
Google Chrome is a popular web browser. A security bypass vulnerability exists in Google Chrome. An attacker can exploit this vulnerability to bypass sandbox security restrictions...
StoreFront 2.5 not loading apps
Storefront URL when logging in doesn't load any applications and just comes up after logging in with "Spinning wheel" Issue is fixed by rebooting the Storefront servers every time it happens. Also sometimes "Cannot complete you request" error comes after login...
CVE-2015-7902
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests...
Error: Username or password is incorrect when adding vCloud Director
Challenge Encountering issue "Error: Username or password is incorrect" when adding vCloud Director to Veeam Backup & Replication. Solution 1. Verify that the correct password is being utilized. 2. Ports, Permissions, or DNS issues can cause this failure: 1. Ensure connectivity between the Veeam...
SMB File Upload Utility
This module uploads a file to a target share and path. The only reason to use this module is if your existing SMB client is not able to support the features of the Metasploit Framework that you need, like pass-the-hash authentication. This module requires Metasploit: https://metasploit.com/downlo...
Daloradius XSS Vulnerability
No description provided by source. Script Name : daloradius All Version Bug Type : XSS vulnerability Found by : Hadi Kiamarsi Contact : hadikiamarsi at hotmail.com Download : http://sourceforge.net/projects/daloradius/ PoC : http://target/path/daloradius-users/login.php?error="scriptalert'Hadi...