Authentication bypass vulnerability in Western Digital My Cloud

Abstract It was discovered that Western Digital My Cloud is affected by an authentication bypass vulnerability. By exploiting this vulnerability, an unauthenticated attacker can bypass the login functionality and gain full control of the device. Tested versions This vulnerability was successfully...

CVE-2018-8813

Open redirect vulnerability in the loginredirect parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL...

CVE-2018-8813

CVE-2018-8813 describes an open redirect vulnerability in WolfCMS 0.8.3.1, where the login[redirect] parameter in the login functionality can be exploited to redirect users to arbitrary external sites, enabling phishing scenarios. The connected documents consistently confirm the affected product/...

GoAutoDial 3.3 Authentication Bypass / Command Injection Exploit

This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database...

Symfony PHP Framework Session Fixation

Advisory: Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality A session fixation vulnerability within the Symfony web application framework's "Remember Me" login functionality allows an attacker to impersonate the victim towards the web application if the session ID value...

CVE-2013-7137

The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burdenuserrememberme cookie to 1...

Novell Identity Manager Role Based Provisioning Module Unspecified Vulnerability

The remote web server has an install of Novell Identity Manager Role Based Provisioning Module that is affected by an unspecified vulnerability in its login functionality. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVE-2013-1083

Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...

Design/Logic Flaw

Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...

CVE-2013-1083

Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...

Unfixed XSS vulnerability at www.blogsky.com

Security researcher a3q, has submitted on 21/01/2012 a cross-site-scripting XSS vulnerability affecting www.blogsky.com, which at the time of submission ranked 1089 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/01/2012. It is currently...

Code injection

Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors...

CVE-2006-1047

CVE-2006-1047 concerns Joomla! 1.0.7 and earlier, with an unspecified vulnerability in the Remember Me login functionality. The connected sources confirm the affected product and component, but describe the impact and attack vectors as unknown and do not provide a concrete root cause, exploit det...