132 matches found
Logic Flaw Vulnerability in the Backend Management Login Interface of Angel School Training Website System
Angel school training website system is an open source website management system. Angel school training website system back-end management login interface has a logic flaw vulnerability that can be exploited by an attacker to violently break the administrator's password...
SQL Injection Vulnerability in the Login Interface of BodaTech Enterprise Website Management System
Liaocheng Boda Network Technology Co., Ltd. is mainly engaged in developing commercial websites. SQL injection vulnerability exists in the login interface of Boda's enterprise website management system, which can be exploited by attackers to obtain database information...
Logic Flaw Vulnerability in eXtplorer Login Interface
eXtplorer is a file management based on PHP and ExtJS development of the text based on PHP and ExtJS development of the file management of the file management device manager . A logic flaw vulnerability exists in the eXtplorer login interface, which can be exploited by an attacker to gain server...
CVE-2018-18285
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database...
CVE-2018-18285
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database...
CVE-2018-9031
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...
Design/Logic Flaw
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...
Remote Command Execution Vulnerability in HP iLO
iLo stands for Integrated lights-out and is the remote management port integrated into HP servers. A remote command execution vulnerability exists in HP iLO, which can be exploited by an attacker to obtain a remote login interface and execute remote commands...
MT4 Networks SenhaSegura Web Application Session Fixation Vulnerability
MT4 Networks SenhaSegura Web Application is an Identity Rights Management Web Application from the MT4 Group in Brazil. A session fixation vulnerability exists in MT4 Networks SenhaSegura Web Application version 2.2.23.8. An attacker can exploit this vulnerability to gain privileges with the help...
CVE-2017-11562
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via loginif.php...
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...
方维团购最新版通杀注入(附大量案例)
简要描述: RT $$$$$$$$$$$$$$$$$$$$$$$ 详细说明: 官网没成功。但是基本通杀。 存在问题的地方是这个登录接口:m.php?m=User&a=doLogin post:origURL=ghost&password=ghost&email=ghost(email参数没有过滤) 报错注入 http://www.qianrengou.com/m.php?m=User&a=doLogin post:post:origURL=ghost&password=ghost&email=ghost 默认后台:admin.php...
MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability
No description provided by source. !-- Title: MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability Vendor: MODx, LLC. Product web page: http://www.modxcms.com Affected version: 2.0.4-pl2 public launch 2 Summary: MODx Revolution is a powerful PHP Content Management Framework that...
SolarWinds Storage Manager SQL Injection
Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...
SolarWinds Storage Manager SQL Injection
Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...
[ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration
Hi sec-folks, I recently discuss with Ariadne team to public disclose two new different vulnerabilities found in Ariadne Content Manager ACM. As the name says, ACM is an enterprise solution for content management mainly used by big private and public companies and institutions. This is the site o...
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting getObject'modUser',array 30: 'username' = $POST'username', 31: ; ... 71: else if !empty$POST'forgotlogin' 72: $c = $modx-newQuery'modUser'; 73: $c-selectarray'modUser.','Profile.email','Profile.fullname'; 74: $...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that 1 create accounts or 2 reset passwords, related to the Special:Userlogin form...
CVE-2010-1648
Cross-site request forgery CSRF vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that 1 create accounts or 2 reset passwords, related to the Special:Userlogin form...
Cybozu Office Authentication Bypass Vulnerability (Windows)
This host is installed with Cybozu Office and is prone to authentication bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodcybozuofficeauthbypassvulnwin.nasl 5394 2017-02-22 09:22:42Z teissa $ Cybozu Office Authentication Bypass Vulnerability Windows Authors: Madhuri D Copyright:...