6 matches found
PT-2024-28786 · Sl 500 +2 · Sl 500 +2
Name of the Vulnerable Software and Affected Versions: Solar-Log 1000 versions prior to 2.8.2 and build 52-23.04.2013 SL 200 versions prior to 3.0.0-60 SL 500 versions prior to 3.0.0-60 Description: The issue concerns the storage of plaintext passwords in certain files, specifically export.html,...
PT-2024-24761 · Unknown · Loginpress Pro
Name of the Vulnerable Software and Affected Versions: LoginPress Pro versions prior to 3.0.0 Description: The issue is related to an Improper Restriction of Excessive Authentication Attempts, which allows for the removal of important client functionality. Recommendations: For versions prior to...
PT-2024-24762 · Unknown · Loginpress Pro
Name of the Vulnerable Software and Affected Versions: LoginPress Pro versions prior to 3.0.0 Description: The issue is related to a Missing Authorization vulnerability in LoginPress Pro. Recommendations: For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue...
PT-2024-1507 · WordPress · Web3
Name of the Vulnerable Software and Affected Versions: Web3 WordPress plugin versions prior to 3.0.0 Description: The issue is related to an authentication bypass due to incorrect authentication checking in the login flow. This is caused by vulnerabilities in the handle auth request and handle...
Forgeable Public/Private Tokens in jws
Affected versions of the jws package allow users to select what algorithm the server will use to verify a provided JWT. A malicious actor can use this behaviour to arbitrarily modify the contents of a JWT while still passing verification. For the common use case of the JWT as a bearer token, the...
PT-2019-17683 · Nextcloud · Nextcloud Android App
Name of the Vulnerable Software and Affected Versions: Nextcloud Android app versions prior to 3.0.0 Description: The issue allows for the destruction of a local cache when a harmful query is executed, requiring the user to reset up the account. This occurs due to SQL Injection in the Nextcloud...