38 matches found
CVE-2022-39042
aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...
Sql injection
A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated...
CVE-2022-33736
A vulnerability has been identified in Opcenter Quality V13.1 All versions V13.1.20220624, Opcenter Quality V13.2 All versions V13.2.20220624. The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing...
Siemens Opcenter Quality 授权问题漏洞
Opcenter Quality is a quality management system QMS that enables organizations to protect compliance, optimize quality, reduce defects and rework costs, and achieve operational excellence by improving process stability.An authentication bypass vulnerability exists in Siemens Opcenter Quality, whi...
The vulnerability of the OpenSSH cryptographic protection mechanism, related to the disclosure of information, allows attackers to gain access to confidential data.
The vulnerability of the OpenSSH cryptographic protection lies in the fact that the login attempt is only allowed if the combination of the user’s name and password is valid for accessing the system. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
Privilege Escalation
dolibarr/dolibarr is vulnerable to privilege escalation. A user with an admin level privilege is able to change other users details but fails to validate already existing “Login” name, while renaming the user “Login”, leading to a complete account takeover of the victim user...
PT-2021-16880 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr versions 3.3.beta1 20121221 through 13.0.2 Description: The issue allows admin level users to change other user's details but fails to validate already existing Login name, while renaming the user Login. This leads to complete accoun...
Microsoft ASP.NET Core Security Bypass Vulnerability
Microsoft ASP.NET is a cross-platform open-source framework from the American company Microsoft Microsoft. The framework is used to build cloud-based applications such as Web applications, IoT applications, and mobile backends. A security bypass vulnerability exists in Microsoft ASP.NET Core, whi...
Sierra Wireless AirLink Raven XE and XT Cross-Site Request Forgery Vulnerability
The Sierra Wireless AirLink Raven XE and XT are both wireless gateway products from Sierra Wireless Canada. A cross-site request forgery vulnerability exists in the Sierra Wireless AirLink Raven XE and XT due to the program failing to validate that the request is from a logged in user. A remote...
RaiseDreams Crowdfunding System 2.2.4 suffers from a login validation design vulnerability
RaiseDreams is an enterprise-level crowdfunding website platform. A login validation design vulnerability exists in the RaiseDreams crowdfunding system 2.2.4, which arises because the user login password is not verified, allowing an attacker to exploit the vulnerability to log in to the system an...
CVE-2015-2270
lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course...
UBUNTU-CVE-2015-2270
lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course...
IP Board Login Auxiliary Module
This module attempts to validate user provided credentials against an IP Board web application. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/ipboard' require...
[Smbexec v2.0] A rapid tool based on psexec style attack with samba tools
A rapid tool based on psexec style attack with samba tools. Key features Enumerate systems with domain admin logged in Grab hashes Extract cached creds based on cachedump Remote Login Validation Dump cleartext credentials Pop shells Includes smbexec.sh installer.sh patches to compile binaries...
Remote Authentication Message Check
In order to avoid false positives, this plugin determines if the remote system accepts any kind of login. Some SSH implementations claim that a login has been accepted when it has not. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid55900; scriptversion"1.11";...
JE CMS 1.0.0 universal password to log in with the injection vulnerability-vulnerability warning-the black bar safety net
JE CMS = 1.0.0 program appeared two vulnerabilities, one in the login authentication can be using Universal password bypass. Another isSQL injectionvulnerabilities. 1. Bypass Authentication by SQL Injection Vulnerability //login validation vulnerability in administrator\login.php page, lines...
ExtMail1.2 邮件系统跨站脚本漏洞(3P)
北洋贱队2009.12.31首发 Extmail 是一个以perl语言编写,面向大容量/ISP级应用,免费的高性能Webmail软件。 最新版本为1.2,检测出三出处跨站漏洞。 1.免费新用户注册的"signup.cgi"对‘domain’参数未进行参数过滤,构建恶意脚本代码作为参数数据,并诱使用户访问恶意链接,可触发恶意脚本代码在目标用户浏览器上执行,导致敏感信息泄漏。 demo:http://demo.extmail.org/extman/cgi/signup.cgi?domain=%22%3E%3Ciframe%20src=http://www.gohack.org%3E...
newsPHP file inclusion & bad login validation
newsPHP arbitary file inclusion & bad login validation ===+++===+++===+++ Product: newsPHP Version: = v216 Vendor: http://www.nphp.net Author: Officerrr [email protected] Discover by: Officerrr [email protected] Vendor Response: Not contacted yet... ===+++===+++===+++ Problem 1:...