Lucene search
K

132 matches found

CNVD
CNVD
added 2020/01/09 12:0 a.m.1 views

Logic Flaw Vulnerability in the Backend Management Login Interface of Angel School Training Website System

Angel school training website system is an open source website management system. Angel school training website system back-end management login interface has a logic flaw vulnerability that can be exploited by an attacker to violently break the administrator's password...

6.9AI score
Exploits0
CNVD
CNVD
added 2019/07/13 12:0 a.m.1 views

SQL Injection Vulnerability in the Login Interface of BodaTech Enterprise Website Management System

Liaocheng Boda Network Technology Co., Ltd. is mainly engaged in developing commercial websites. SQL injection vulnerability exists in the login interface of Boda's enterprise website management system, which can be exploited by attackers to obtain database information...

8AI score
Exploits0
CNVD
CNVD
added 2019/06/21 12:0 a.m.2 views

Logic Flaw Vulnerability in eXtplorer Login Interface

eXtplorer is a file management based on PHP and ExtJS development of the text based on PHP and ExtJS development of the file management of the file management device manager . A logic flaw vulnerability exists in the eXtplorer login interface, which can be exploited by an attacker to gain server...

7.2AI score
Exploits0
OSV
OSV
added 2019/04/25 8:29 p.m.1 views

CVE-2018-18285

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database...

9.8CVSS6AI score0.01844EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/04/25 7:12 p.m.17 views

CVE-2018-18285

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database...

10AI score0.01844EPSS
Exploits0References2
OSV
OSV
added 2018/03/29 4:29 p.m.4 views

CVE-2018-9031

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...

9.8CVSS5.8AI score0.01586EPSS
Exploits1References2
Prion
Prion
added 2018/03/29 4:29 p.m.14 views

Design/Logic Flaw

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...

5CVSS9.4AI score0.01586EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2018/02/08 12:0 a.m.2 views

Remote Command Execution Vulnerability in HP iLO

iLo stands for Integrated lights-out and is the remote management port integrated into HP servers. A remote command execution vulnerability exists in HP iLO, which can be exploited by an attacker to obtain a remote login interface and execute remote commands...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/01/02 12:0 a.m.1 views

MT4 Networks SenhaSegura Web Application Session Fixation Vulnerability

MT4 Networks SenhaSegura Web Application is an Identity Rights Management Web Application from the MT4 Group in Brazil. A session fixation vulnerability exists in MT4 Networks SenhaSegura Web Application version 2.2.23.8. An attacker can exploit this vulnerability to gain privileges with the help...

8.8CVSS7.1AI score0.01035EPSS
Exploits0References1
OSV
OSV
added 2017/12/19 2:29 a.m.1 views

CVE-2017-11562

A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via loginif.php...

8.8CVSS5.8AI score0.01035EPSS
Exploits0References1
OSV
OSV
added 2017/04/22 10:59 p.m.5 views

CVE-2017-8055

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...

5.3CVSS5.8AI score0.01591EPSS
Exploits1References4
seebug.org
seebug.org
added 2014/10/10 12:0 a.m.65 views

方维团购最新版通杀注入(附大量案例)

简要描述: RT $$$$$$$$$$$$$$$$$$$$$$$ 详细说明: 官网没成功。但是基本通杀。 存在问题的地方是这个登录接口:m.php?m=User&a=doLogin post:origURL=ghost&password=ghost&email=ghost(email参数没有过滤) 报错注入 http://www.qianrengou.com/m.php?m=User&a=doLogin post:post:origURL=ghost&password=ghost&email=ghost 默认后台:admin.php...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.36 views

MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability

No description provided by source. !-- Title: MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability Vendor: MODx, LLC. Product web page: http://www.modxcms.com Affected version: 2.0.4-pl2 public launch 2 Summary: MODx Revolution is a powerful PHP Content Management Framework that...

7.1AI score
Exploits0
Saint
Saint
added 2012/05/17 12:0 a.m.26 views

SolarWinds Storage Manager SQL Injection

Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...

0.7AI score
Exploits0
Saint
Saint
added 2012/05/17 12:0 a.m.19 views

SolarWinds Storage Manager SQL Injection

Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2011/01/07 12:0 a.m.37 views

[ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration

Hi sec-folks, I recently discuss with Ariadne team to public disclose two new different vulnerabilities found in Ariadne Content Manager ACM. As the name says, ACM is an enterprise solution for content management mainly used by big private and public companies and institutions. This is the site o...

0.9AI score
Exploits0
exploitpack
exploitpack
added 2010/12/06 12:0 a.m.31 views

MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting

MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting getObject'modUser',array 30: 'username' = $POST'username', 31: ; ... 71: else if !empty$POST'forgotlogin' 72: $c = $modx-newQuery'modUser'; 73: $c-selectarray'modUser.','Profile.email','Profile.fullname'; 74: $...

7.1AI score
Exploits0
Prion
Prion
added 2010/06/08 12:30 a.m.19 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that 1 create accounts or 2 reset passwords, related to the Special:Userlogin form...

6.8CVSS7.5AI score0.00611EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2010/06/07 8:0 p.m.26 views

CVE-2010-1648

Cross-site request forgery CSRF vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that 1 create accounts or 2 reset passwords, related to the Special:Userlogin form...

6.8AI score0.00611EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2010/06/01 12:0 a.m.26 views

Cybozu Office Authentication Bypass Vulnerability (Windows)

This host is installed with Cybozu Office and is prone to authentication bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodcybozuofficeauthbypassvulnwin.nasl 5394 2017-02-22 09:22:42Z teissa $ Cybozu Office Authentication Bypass Vulnerability Windows Authors: Madhuri D Copyright:...

5.8CVSS6.9AI score0.01374EPSS
Exploits0References4
Rows per page
Query Builder