8 matches found
CVE-2024-6289
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...
CVE-2024-23486
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials...
BUFFALO wireless LAN routers 安全漏洞
Buffalo BUFFALO wireless LAN routers are a series of routers from Buffalo, Japan. A security vulnerability exists in BUFFALO wireless LAN, which arises from passwords being stored in clear text. An attacker could exploit the vulnerability to gain access to the product's login page to obtain...
CVE-2023-5089 Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled...
PT-2022-25526 · Modern Campus · Modern Campus - Omni Cms
Name of the Vulnerable Software and Affected Versions: Modern Campus Omni CMS formerly OU Campus version 10.2.4 Description: The issue allows for SQL injection via a specific substring on the login page. This can be achieved by using a substring such as ' OR 1 = 1 -- - , ?php'. Recommendations: F...
LOCKON EC-CUBE Access Privilege Vulnerability (CNVD-2016-02686)
LOCKON EC-CUBE is an open source e-commerce website building platform developed by Japan LOCKON Co. The platform supports product login, user evaluation, artwork layout and so on. An access privilege vulnerability exists in LOCKON EC-CUBE versions 3.0.0 through 3.0.9. A remote attacker can exploi...
EC-CUBE fails to restrict access permissions
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Note that this vulnerability is different from JVN11458774. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...
SQL injection in PHPGroupware
Preface PHPGroupware is a Groupware application written in PHP. It provides a framework of applications like calendar, ToDo list, notes, HR management, that come with PHPGroupware as well as an API to write new applications. All data is stored in an SQL database. + Problem PHPGroupware 0.9.12 the...