231 matches found
CVE-2022-32425
The CVE-2022-32425 entry concerns Mealie (v1.0.0beta-2) where the login function enables username enumeration by measuring response time, indicating an information-disclosure vulnerability. Affected software: Mealie v1.0.0beta-2 (login feature). Root cause: timing-based information leakage during...
CVE-2022-32425
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time...
CVE-2022-29272
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing...
Nagios XI Input Validation Error Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 5.8.5 and prior versions, which stems from an open...
Cross-site Scripting (XSS)
OctoPrint is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation in the redirecturl parameter in the login function of views.py, allowing an attacker to inject and execute malicious JavaScript by redirecting to malicious URLs...
OctoPrint Cross-Site Scripting Vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A cross-site scripting vulnerability exists in OctoPrint versions prior to 1.8.0, which stems from a lack of data filtering and escaping in the login function in the software views.py...
Design/Logic Flaw
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in the login function which lets attackers generate passwords for high-privileged accounts...
CVE-2021-45031 Weak Authentication in Login Function of USC+
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in the login function which lets attackers generate passwords for high-privileged accounts...
CVE-2021-45031
CVE-2021-45031 affects MEPSAN’s USC+ prior to version 3.0. The vulnerability is a weakness in the login function that lets attackers generate passwords for high-privilege accounts, enabling potential unauthorized access and elevation of privileges. Reports consistently identify versions before 3....
Reolink RLC-410W Certification Bypass Vulnerability
Reolink RLC-410W is a Wi-Fi security camera from Reolink China. An authentication bypass vulnerability exists in Reolink RLC-410W version v3.0.0.136 20121102, which stems from an authentication bypass in the cgiserver.cgi login function. An attacker can exploit this vulnerability to bypass...
ASUS RT-AX56U Path Traversal Vulnerability
ASUS RT-AX56U is a wireless router from ASUS Taiwan, China. A path traversal vulnerability exists in ASUS RT-AX56U, which stems from the insufficient filtering of special characters in URL parameters by the login function of ASUS RT-AX56U, which could be exploited by an unauthenticated LAN attacke...
CVE-2022-22054
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...
Path traversal
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...
CVE-2021-4073
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function socialloginusingemail of the plugin. This affects...
Authentication Bypass
flaskappbuilder is vulnerable to authentication bypass. The vulnerability exists in the login function of api.py because login requests are not properly validated, which allows a malicious attacker to send a crafted request and gain access to the API endpoints...
CVE-2021-41676
An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php...
SQL injection
An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php...
CVE-2021-41676
An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php...
CVE-2021-40889
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in the webroot/uno/central.php file calls the fileputcontents function to write the username to the password.php file when a user successfully changes their password. The attacker can inject malicious PHP code into...
Remote code execution
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in the webroot/uno/central.php file calls the fileputcontents function to write the username to the password.php file when a user successfully changes their password. The attacker can inject malicious PHP code into...