18 matches found
EUVD-2025-25902
Malicious code in bioql PyPI...
CVE-2025-9533 TOTOLINK T10 formLoginAuth.htm improper authentication
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed t...
CVE-2025-9533
TOTOLINK T10 v4.1.8cu.5241_B20210927 contains an improper authentication vulnerability in the /formLoginAuth.htm file. The issue arises from manipulating the authCode parameter (e.g., input 1) to bypass authentication. The vulnerability is exploitable remotely and has public disclosure. Connected...
TOTOLINK T10 security vulnerability
TOTOLINK T10 is a wireless network system router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK T10 version 4.1.8cu.5241B20210927, which stems from improper authentication due to incorrect operation of the parameter authCode in the file /formLoginAuth.htm...
CVE-2025-6916
A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...
CVE-2024-10654
A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be...
CVE-2022-25825
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in...
CVE-2024-10654 TOTOLINK LR350 formLoginAuth.htm authorization
A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be...
CVE-2022-25825
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in...
Improper access control
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in...
CVE-2022-25825
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in...
Discuz X3.3 patch security analysis - vulnerability warning - the black bar safety net
Discuz officially released its latest version, X3.4, on August 1, 2017; the new version fixes multiple security issues. 360CERT and the 360 0KEE Team then followed up on the event. 0x01 Vulnerability overview: 360CERT and the 360 0KEE Team, by comparing DiscuzX3.3SCUTF8 with DiscuzX3.4SCUT...
Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote DoS Exploit
Exploit for windows platform in category dos / poc !/usr/bin/env python Exploit Title: Ability FTP Server Admin Panel AUTHCODE Command Remote Dos Date: 2015-08-15 Exploit Author: St0rn Twitter: st0rnpentest Vendor Homepage: www.codecrafters.com Software Link:...
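Code execution vulnerability in the Diyou P2P lending system
Brief description: Sigh... this code quality brought me straight to my knees. Detailed description: This hole needs to be combined with the default key disclosed last time. ==================== Previously ==================== Diyou uses a custom symmetric encryption scheme throughout the program (usually defined as authcode or a similar name), and unless the key is explicitly specified or the source code is modified, the function will call the default key. This is the precondition for triggering this vulnerability. =================== End of recap =================== As the audit work went happily along, I found a method in /plugins/avatar/avatar.class.php that looked very interesting: function...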
thinksaas latest version XSS 2
Brief description: Detailed description: \app\group\action\add.php // Execute post publishing case "do" : if $POST 'token' != $SESSION 'token' tsNotice '非法操作!' ; $authcode = strtolower $POST 'authcode' ; if $TSSITE 'base' 'isauthcode' if $authcode != $SESSION 'verify' tsNotice "验证码输入有误,请重新输入!" ; $groupid = intval $POST 'groupid' ; $title =...
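KPPW SQL latest version: admin password can be modified
Brief description: Updated: 2014-05-19 12:17:29. The admin password can be modified, but the resulting password is not controllable. Better to just stick with injection. Detailed description: In api/uc.php: if!defined'INUC' requireonce '../appcomm.php'; requireonce SROOT.'/config/configucenter.php'; $get = $post = array; $code = @$GET'code'; parsestrauthcode$code, 'DECODE', UCKEY, $get; ifDEBUGUC==TRUE...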
PHPMyWind injection vulnerability & arbitrary user login
Brief description: PHPMyWind injection vulnerability & arbitrary user login Detailed description: member.php if!empty$COOKIE'username' &&//decrypt username from COOKIE and then assign it !empty$COOKIE'lastlogintime' && !empty$COOKIE'lastloginip' $cuname = AuthCode$COOKIE'username'; $clogintime = AuthCode$COOKIE'lastlogintime'; $cloginip = AuthCode$COOKIE'lastloginip'; else $cuname =...
Hacking tip: provide the right technical study _Discuz! Administrator a copy-and-vulnerability warning-the black bar safety net
Crossday Discuz! Board forum system (Discuz! Forum) is an efficient forum solution built with PHP and MySQL, among various other databases. As a commercial software product, Discuz! in code quality, operational efficiency, load capacity, security level, functional control and...