Lucene search
K

262 matches found

NVD
NVD
added 2025/12/15 9:15 p.m.4 views

CVE-2023-53878

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request...

6.9CVSS0.00309EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/15 8:28 p.m.19 views

CVE-2023-53878 Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request...

6.9CVSS0.00309EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.3 views

CVE-2023-53878 Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request...

6.9CVSS6.6AI score0.00309EPSS
Exploits0References3
CVE
CVE
added 2025/12/15 8:28 p.m.8 views

CVE-2023-53878

CVE-2023-53878 — Member Login Script 3.3 involves a client-side desynchronization vulnerability tied to parsing the Content-Length header. The flaw allows attackers to manipulate HTTP request handling by smuggling secondary requests within crafted POST payloads, potentially bypassing server-side ...

6.9CVSS6.6AI score0.00309EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.6 views

Phpjabbers Member Login Script 环境问题漏洞

Phpjabbers Member Login Script is a Phpjabbers open source account management framework. An environmental issue vulnerability exists in Phpjabbers Member Login Script version 3.3, which stems from a client-side desynchronization vulnerability that could lead to manipulation of HTTP request...

6.9CVSS6.7AI score0.00309EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51296

Name of the Vulnerable Software and Affected Versions Member Login Script version 3.3 Description The software contains a client-side desynchronization issue related to how HTTP requests are handled. Specifically, the vulnerability stems from the parsing of the Content-Length header. An attacker...

6.9CVSS6.6AI score0.00309EPSS
Exploits0References6
OSV
OSV
added 2025/12/13 4:16 p.m.5 views

CVE-2025-14619

A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file loginquery.php. Performing manipulation of the argument studno results in sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS5.8AI score0.00436EPSS
Exploits1References6
OSV
OSV
added 2025/12/12 4:15 p.m.3 views

CVE-2025-14565

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...

9.8CVSS5.7AI score0.00333EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/12 3:32 p.m.29 views

CVE-2025-14565 kidaze CourseSelectionSystem login1.php sql injection

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...

7.5CVSS0.00333EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/10 9:31 p.m.4 views

EUVD-2020-30841

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

6.9CVSS6.3AI score0.00336EPSS
Exploits1References5
OSV
OSV
added 2025/12/10 9:16 p.m.2 views

CVE-2020-36888

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

5.3CVSS5.8AI score0.00336EPSS
Exploits1References4
NVD
NVD
added 2025/12/10 9:16 p.m.5 views

CVE-2020-36888

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

6.9CVSS0.00336EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 8:51 p.m.12 views

CVE-2020-36888

CVE-2020-36888 affects SpinetiX Fusion Digital Signage 3.4.8. The flaw is a username enumeration vulnerability in the login script that lets an attacker distinguish valid user accounts by analyzing server error responses to crafted login requests. This is the only concrete detail available: the a...

6.9CVSS6.4AI score0.00336EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/10 8:51 p.m.19 views

CVE-2020-36888 SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

6.9CVSS0.00336EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/10 8:51 p.m.2 views

CVE-2020-36888 SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

6.9CVSS6.4AI score0.00336EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.5 views

PT-2025-50512

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

6.9CVSS6.8AI score0.00336EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

SpinetiX Fusion Digital Signage 安全漏洞

SpinetiX Fusion Digital Signage is a digital signage software from SpinetiX Switzerland. A security vulnerability exists in SpinetiX Fusion Digital Signage version 3.4.8, which originates from the presence of a username enumeration in the login script, which could lead to the disclosure of accoun...

6.9CVSS6.5AI score0.00336EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/07 3:30 p.m.3 views

EUVD-2025-201603

A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/authlogin.php. Performing manipulation of the argument Username results in sql injection. The attack can be initiated remotely. The explo...

7.5CVSS6.3AI score0.00274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/07 12:0 a.m.6 views

PT-2025-49405

A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/auth login.php. Performing manipulation of the argument Username results in sql injection. The attack can be initiated remotely. The...

7.5CVSS6.9AI score0.00274EPSS
Exploits0References5
NVD
NVD
added 2025/12/02 6:15 p.m.2 views

CVE-2025-65881

Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting XSS in /classes/Login.php...

6.1CVSS0.002EPSS
Exploits1References2
Rows per page
Query Builder