427 matches found
CVE-2025-9977
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...
CVE-2025-9977
CVE-2025-9977 affects Times Software E-Payroll. The issue stems from improper sanitization of data in a POST parameter during login, which could let an unauthenticated attacker cause a DoS and may enable SQL injection; command injection attempts have also produced detailed error messages exposing...
EUVD-2025-198043
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...
CVE-2025-59113 Bruteforce Protection Bypass in Windu CMS
Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...
PT-2025-47333
Name of the Vulnerable Software and Affected Versions Times Software E-Payroll affected versions not specified Description The application does not properly sanitize data received in POST parameters during the login process, potentially allowing an unauthenticated attacker to perform...
CVE-2025-13271
A vulnerability was determined in Campcodes School Fees Payment Management System 1.0. This impacts an unknown function of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...
PT-2025-47057
Name of the Vulnerable Software and Affected Versions Simple Cafe Ordering System version 1.0 Description A SQL injection issue exists in Simple Cafe Ordering System 1.0. The issue is related to the manipulation of the Username parameter within the /login.php file. This manipulation can be...
CVE-2025-55342
Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiarpasswordolvidovalidar.php txtlogin parameter...
Ecuador Quipux 安全漏洞
Ecuador Quipux is an electronic document management and process system from Ecuador Ecuador. A security vulnerability exists in Ecuador Quipux versions 4.0.1 through e1774ac, which stems from improper handling of the txtlogin parameter and could lead to username enumeration and access to the...
PT-2025-45155
Name of the Vulnerable Software and Affected Versions Quipux versions 4.0.1 through e1774ac Description The software allows for the enumeration of usernames and access to the Ecuadorean identification number for all registered users. This is achieved by manipulating the txt login parameter within...
EUVD-2025-37931
Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiarpasswordolvidovalidar.php txtlogin parameter...
CVE-2025-55342
Quipux 4.0.1 through e1774ac is affected by a vulnerability in the Administracion/usuarios/cambiar_password_olvido_validar.php endpoint that allows enumeration of usernames and access to the Ecuadorian identification number for all registered users via the txt_login parameter. The issue stems fro...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27643)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the SERVICE, LOGIN, and PASSWORD parameters, which could be exploited by...
CVE-2025-64116 Movary vulnerable to an open redirect
Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0...
CVE-2025-64116 Movary vulnerable to an open redirect
Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0...
PT-2025-44443
Name of the Vulnerable Software and Affected Versions Movary versions prior to 0.69.0 Description Movary is a web application used for tracking and exploring movie watch history. Prior to version 0.69.0, the login page accepts a redirect parameter without proper validation. This allows attackers ...
CVE-2025-34309
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...
CVE-2025-34309
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...
CVE-2025-34309 IPFire < v2.29 Stored XSS via Dynamic DNS Host
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...
online-shopping-system 安全漏洞
online-shopping-system is an online shopping system by Puneeth Reddy H C Individual Developer. A security vulnerability exists in online-shopping-system version 1.0, which stems from an unvalidated parameter password in login.php, which could lead to a SQL injection attack...