
231 matches found

Cvelist
added 2021/10/11 9:56 a.m., 13 views

CVE-2021-40889

CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in the webroot/uno/central.php file calls the file_put_contents function to write the username to the password.php file when a user successfully changes their password. The attacker can inject malicious PHP code into...

9.9 AI score, 0.00396 EPSS
Exploits: 1, References: 1
OSV
added 2021/10/05 4:15 p.m., 1 view

CVE-2021-41286

Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...

7.8 CVSS, 7.1 AI score, 0.00048 EPSS
Exploits: 0, References: 1
NVD
added 2021/10/05 4:15 p.m., 11 views

CVE-2021-41286

Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...

7.8 CVSS, 0.00048 EPSS
Exploits: 0, References: 1
CNNVD
added 2021/10/05 12:0 a.m., 2 views

Omikron MultiCash Authorization Issue Vulnerability

Omikron MultiCash is a one-stop solution for infrastructure, software and services from Omikron Germany. A security vulnerability exists in Omikron MultiCash Desktop 4.00.008.SP5, which allows an attacker to attach a debugger to a process or create a patch to manipulate the behavior of login...

7.8 CVSS, 7.3 AI score, 0.00048 EPSS
Exploits: 0, References: 2
Veracode
added 2021/08/17 2:21 a.m., 17 views

Insecure Authentication

lincmsflask uses insecure authentication. The vulnerability exists due to a lack of rate-limiting in the login function...

9.8 CVSS, 3 AI score, 0.0062 EPSS
Exploits: 1, References: 2, Affected Software: 2
PyPA
added 2021/08/16 6:15 p.m., 4 views

PYSEC-2021-339

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...

9.8 CVSS, 7 AI score, 0.0062 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2021/08/16 12:0 a.m., 2 views

lin-cms-flask Security Vulnerability

lin-cms-flask is a content management system framework. lin-cms-flask version 0.1.1 contains a security vulnerability that can be exploited by remote attackers to brute force login via the "login" function in the component "app/api/cms/user.py"...

9.8 CVSS, 5.5 AI score, 0.0062 EPSS
Exploits: 1, References: 2
NVD
added 2021/07/22 6:15 p.m., 25 views

CVE-2015-2099

Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail...

8.8 CVSS, 0.2007 EPSS
Exploits: 2, References: 3
CNVD
added 2021/02/19 12:0 a.m., 7 views

Soar Cloud System Access Control Error Vulnerability

Soar Cloud System is an HR system solution developed by Soar. Soar Cloud System HR Portal has an access control error that allows remote attackers to access sensitive data through specific packets (e.g., user's login information) while obtaining a user ID, thus preventing the login function...

5.5 CVSS, 6.8 AI score, 0.00258 EPSS
Exploits: 0, References: 1
CNVD
added 2020/09/02 12:0 a.m., 2 views

openSIS SQL Injection Vulnerability (CNVD-2020-50952)

openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in the login function in OS4Ed openSIS 7.3, which can be exploited by an attacker to conduct a SQL injection attack by sending a specially crafted HTTP request...

9.8 CVSS, 7.8 AI score, 0.10825 EPSS
Exploits: 1, References: 1
NVD
added 2018/09/18 2:29 a.m., 11 views

CVE-2018-16955

The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in an HTML META tag in the HTTP response. NOTE: this CVE is assigned by MIT...

6.1 CVSS, 5.9 AI score, 0.00179 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2018/01/22 11:45 p.m., 29 views

lawn-login exposes database password to unauthorized users

The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process...

7.8 CVSS, 6.9 AI score, 0.00054 EPSS
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2018/01/10 6:29 p.m., 12 views

CVE-2014-5000

The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process...

7.8 CVSS, 7.4 AI score, 0.00054 EPSS
Exploits: 1, References: 3
OSV
added 2017/12/21 3:29 p.m., 2 views

CVE-2017-17030

A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices...

9.8 CVSS, 6.4 AI score
Exploits: 0, References: 2
Prion
added 2017/12/21 3:29 p.m., 15 views

Buffer overflow

A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices...

7.5 CVSS, 9.8 AI score, 0.03236 EPSS
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2017/12/21 3:29 p.m., 13 views

CVE-2017-17030

A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices...

9.8 CVSS, 9.9 AI score, 0.03236 EPSS
Exploits: 1, References: 2
Openbugbounty
added 2017/08/23 10:57 a.m., 11 views

blogtraffic.de XSS vulnerability

Vulnerable URL: http://www.blogtraffic.de/index.php?function=login=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert%28%2Fopenbugbounty%2F%29%3E=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert%28%2Fopenbugbounty%2F%29%3E
Details: Patched: Yes, at 05.09.2017...

6.3 AI score
Exploits: 0
CNVD
added 2017/06/15 12:0 a.m., 1 view

Cisco Ultra Services Framework Remote Security Bypass Vulnerability

Cisco Ultra Services Framework is a smart online services payment platform from Cisco of the United States. A security vulnerability exists in the AutoVNF login function in Cisco Ultra Services Framework, which stems from the program failing to perform sufficient detection when creating a directory on a...

7.5 CVSS, 7 AI score, 0.00326 EPSS
Exploits: 0, References: 1
BDU FSTEC
added 2016/09/19 12:0 a.m., 3 views

The vulnerability of the Debian GNU/Linux operating system and the DBD::mysql driver allows attackers to exert undefined effects.

The vulnerability of the my_login function in the Debian GNU/Linux operating system and the DBD::mysql driver is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to have unpredictable effects by using the mysql_errno function after the my_login...

10 CVSS, 7.8 AI score, 0.03903 EPSS
Exploits: 0, References: 9, Affected Software: 2
OSV
added 2016/08/19 9:59 p.m., 5 views

CVE-2015-8949

Use-after-free vulnerability in the my_login function in DBD::mysql before 4.03301 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login...

9.8 CVSS, 9.6 AI score
Exploits: 0, References: 13