CVE-2026-43875

The CVE describes a vulnerability in WWBN/AVideo where plugin/MobileManager/oauth2.php leaks the user password hash via a GET redirect: it redirects with Location: oauth2Success.php?user=&pass=, and the hash is the stored password hash (md5(hash("whirlpool", sha1(password)))) read from the users ...

CVE-2026-43875 WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly fro...

EUVD-2024-52418

Malicious code in bioql PyPI...

CVE-2024-54295

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through = 1.7.7...

CVE-2024-54295

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through = 1.7.7...

CVE-2024-54295 WordPress ListApp Mobile Manager plugin <= 1.7.7 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through = 1.7.7...

CVE-2024-54295

CVE-2024-54295 affects ListApp Mobile Manager. The issue is Missing Authorization to Privilege Escalation leading to Authentication Bypass (CVE-2024-54295). CVSS 3.1 base score 9.8 (CRITICAL); attack vector NETWORK, no user interaction required, impact to confidentiality, integrity, and availabil...

CVE-2024-54295 WordPress ListApp Mobile Manager plugin <= 1.7.7 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through = 1.7.7...

WordPress plugin ListApp Mobile Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

PT-2024-36176 · Inspireui · Inspireui Listapp Mobile Manager

Name of the Vulnerable Software and Affected Versions: InspireUI ListApp Mobile Manager versions 1.7.7 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, which allows unauthorized access. Recommendations: For versions 1.7.7 and earlier,...

WordPress ListApp Mobile Manager plugin <= 1.7.7 - Account Takeover vulnerability

Account Takeover vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin ListApp Mobile Manager versions = 1.7.7...