Lucene search
+L

38 matches found

OSV
OSV
added 2023/01/03 3:15 a.m.4 views

CVE-2022-39042

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...

9.8CVSS5.9AI score0.01454EPSS
Exploits0References1
Prion
Prion
added 2022/08/27 9:15 a.m.19 views

Sql injection

A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated...

7.5CVSS9.7AI score0.00466EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/12 10:15 a.m.3 views

CVE-2022-33736

A vulnerability has been identified in Opcenter Quality V13.1 All versions V13.1.20220624, Opcenter Quality V13.2 All versions V13.2.20220624. The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing...

7.5CVSS5.8AI score0.01249EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.5 views

Siemens Opcenter Quality 授权问题漏洞

Opcenter Quality is a quality management system QMS that enables organizations to protect compliance, optimize quality, reduce defects and rework costs, and achieve operational excellence by improving process stability.An authentication bypass vulnerability exists in Siemens Opcenter Quality, whi...

7.5CVSS5.7AI score0.01249EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/04/07 12:0 a.m.8 views

The vulnerability of the OpenSSH cryptographic protection mechanism, related to the disclosure of information, allows attackers to gain access to confidential data.

The vulnerability of the OpenSSH cryptographic protection lies in the fact that the login attempt is only allowed if the combination of the user’s name and password is valid for accessing the system. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

5.3CVSS6.7AI score0.05326EPSS
Exploits1References8Affected Software4
Veracode
Veracode
added 2021/08/18 2:49 a.m.5 views

Privilege Escalation

dolibarr/dolibarr is vulnerable to privilege escalation. A user with an admin level privilege is able to change other users details but fails to validate already existing “Login” name, while renaming the user “Login”, leading to a complete account takeover of the victim user...

7.2CVSS6.6AI score0.00935EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/08/17 12:0 a.m.7 views

PT-2021-16880 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr versions 3.3.beta1 20121221 through 13.0.2 Description: The issue allows admin level users to change other user's details but fails to validate already existing Login name, while renaming the user Login. This leads to complete accoun...

7.2CVSS7.3AI score0.00935EPSS
Exploits0References13
CNVD
CNVD
added 2018/07/12 12:0 a.m.43 views

Microsoft ASP.NET Core Security Bypass Vulnerability

Microsoft ASP.NET is a cross-platform open-source framework from the American company Microsoft Microsoft. The framework is used to build cloud-based applications such as Web applications, IoT applications, and mobile backends. A security bypass vulnerability exists in Microsoft ASP.NET Core, whi...

7.5CVSS7.4AI score0.09832EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/09 12:0 a.m.4 views

Sierra Wireless AirLink Raven XE and XT Cross-Site Request Forgery Vulnerability

The Sierra Wireless AirLink Raven XE and XT are both wireless gateway products from Sierra Wireless Canada. A cross-site request forgery vulnerability exists in the Sierra Wireless AirLink Raven XE and XT due to the program failing to validate that the request is from a logged in user. A remote...

8.8CVSS6.8AI score0.00641EPSS
Exploits0References1
CNVD
CNVD
added 2016/09/03 12:0 a.m.3 views

RaiseDreams Crowdfunding System 2.2.4 suffers from a login validation design vulnerability

RaiseDreams is an enterprise-level crowdfunding website platform. A login validation design vulnerability exists in the RaiseDreams crowdfunding system 2.2.4, which arises because the user login password is not verified, allowing an attacker to exploit the vulnerability to log in to the system an...

6.8AI score
Exploits0References1
NVD
NVD
added 2015/06/01 7:59 p.m.9 views

CVE-2015-2270

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course...

4.3CVSS6AI score0.01876EPSS
Exploits0References3
OSV
OSV
added 2015/06/01 7:59 p.m.3 views

UBUNTU-CVE-2015-2270

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course...

4.3CVSS5.8AI score0.01876EPSS
Exploits0References4
Metasploit
Metasploit
added 2014/08/21 1:18 a.m.14 views

IP Board Login Auxiliary Module

This module attempts to validate user provided credentials against an IP Board web application. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/ipboard' require...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2013/10/09 9:50 p.m.34 views

[Smbexec v2.0] A rapid tool based on psexec style attack with samba tools

A rapid tool based on psexec style attack with samba tools. Key features Enumerate systems with domain admin logged in Grab hashes Extract cached creds based on cachedump Remote Login Validation Dump cleartext credentials Pop shells Includes smbexec.sh installer.sh patches to compile binaries...

7.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2011/08/18 12:0 a.m.50 views

Remote Authentication Message Check

In order to avoid false positives, this plugin determines if the remote system accepts any kind of login. Some SSH implementations claim that a login has been accepted when it has not. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid55900; scriptversion"1.11";...

5.3AI score
Exploits0
myhack58
myhack58
added 2010/09/29 12:0 a.m.23 views

JE CMS 1.0.0 universal password to log in with the injection vulnerability-vulnerability warning-the black bar safety net

JE CMS = 1.0.0 program appeared two vulnerabilities, one in the login authentication can be using Universal password bypass. Another isSQL injectionvulnerabilities. 1. Bypass Authentication by SQL Injection Vulnerability //login validation vulnerability in administrator\login.php page, lines...

1AI score
Exploits0
seebug.org
seebug.org
added 2010/02/03 12:0 a.m.118 views

ExtMail1.2 邮件系统跨站脚本漏洞(3P)

北洋贱队2009.12.31首发 Extmail 是一个以perl语言编写,面向大容量/ISP级应用,免费的高性能Webmail软件。 最新版本为1.2,检测出三出处跨站漏洞。 1.免费新用户注册的"signup.cgi"对‘domain’参数未进行参数过滤,构建恶意脚本代码作为参数数据,并诱使用户访问恶意链接,可触发恶意脚本代码在目标用户浏览器上执行,导致敏感信息泄漏。 demo:http://demo.extmail.org/extman/cgi/signup.cgi?domain=%22%3E%3Ciframe%20src=http://www.gohack.org%3E...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2003/08/27 12:0 a.m.33 views

newsPHP file inclusion & bad login validation

newsPHP arbitary file inclusion & bad login validation ===+++===+++===+++ Product: newsPHP Version: = v216 Vendor: http://www.nphp.net Author: Officerrr [email protected] Discover by: Officerrr [email protected] Vendor Response: Not contacted yet... ===+++===+++===+++ Problem 1:...

0.4AI score
Exploits0
Rows per page
Query Builder