19 matches found
EUVD-2023-60570
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...
CVE-2023-54347
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...
PT-2026-37002
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...
CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...
CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...
Ruoyi authorization issue vulnerability
Ruoyi is a backend management system for Ruoyi's individual developers. An authorization issue vulnerability exists in Ruoyi version 4.8.1 and prior versions, which stems from an incorrect operation of the parameter userIds in the file /system/role/authUser/selectAll, which may result in improper...
CVE-2023-7308
CVE-2023-7308 affects NSFOCUS SecGate3600. Affected component is the /cgi-bin/authUser/authManageSet.cgi endpoint, where authentication checks are not enforced on POST requests, allowing unauthenticated remote access to sensitive data (user identifiers, configuration details). Exploitation eviden...
PT-2025-34951 · Nsfocus · Secgate3600
Name of the Vulnerable Software and Affected Versions: SecGate3600 (affected versions not specified). Description: SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure issue. The vulnerable component fails to enforce authentication checks on POST...
CVE-2025-8124
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/unallocatedList. The manipulation of the argument paramsdataScope leads to sql injection. The attack can be...
deer-wms-2 SQL injection vulnerability
deer-wms-2 is an open source warehouse management system from China's deerwms. A security vulnerability exists in deer-wms-2 3.3 and earlier versions, which originates from SQL injection due to incorrect manipulation of paramsdataScope in the file /system/role/authUser/unallocatedList...
VulnCheck KEV: CVE-2023-7308
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...
CVE-2022-47909
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost...
CVE-2022-47909
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost...
PT-2023-15524 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 through 2.1.0p11; Checkmk versions 2.0.0 through 2.0.0p28. Description: The issue allows an attacker to perform direct queries to the application's core from localhost by injecting Livestatus Query Language (LQL) in the...
plano mostracategoria (id) Remote SQL Injection Vulnerability
Exploit for php platform in category web applications. plano mostracategoria id Remote SQL Injection Vulnerability. Author: kalashnikov. Software Link: download link if availab...
Pixelactivo 3.0 - 'idx' SQL Injection
AllaH AkbaR. Pixelactivo Remote SQL Injection Vulnerability. Discovered By: Snakespc ALGERIAN HaCkEr. Mail: [email protected] Site: http://www.snakespc.com/sc/index.php...
Authentication flaw
PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username...
PAD Site Scripts 3.6 - Insecure Cookie Handling
Information. Script: PAD Site Scripts v3.6 Insecure Cookie Handling Vulnerability. Found by: Mr.tro0oqy. C0ntact: [email protected]...
bwired (index.php newsID) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. bwired index.php newsID Remote SQL Injection Vulnerability ...