12 matches found
Improper Authentication
github.com/1panel-dev/1panel is vulnerable to improper authentication.The vulnerability is due to improper server-side validation of a client-controlled parameter, which allows an unauthenticated attacker to bypass CAPTCHA protections and perform automated login attempts leading to potential...
CVE-2025-69246
Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6...
CVE-2025-66507
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...
CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...
GHSA-QMG5-V42X-QQHQ 1Panel – CAPTCHA Bypass via Client-Controlled Flag
Summary A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed,...
WordPress Plugin Groundhogg 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Login Authentication Goes Automated With New InsightAppSec Improvements
Move over, macros — automated login is here. At Rapid7, we know the most powerful tools in your security portfolio are the ones that help you understand your risks quickly. With our new automated login for InsightAppSec, you can access and scan even the most complex, modern applications quickly a...
Piwigo 11.3.0 SQL Injection Exploit
Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0 Testing and Debugging: nu11secur1ty Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty...
RemoteClinic 2 Cross Site Scripting
Exploit Title: Cross Site Scripting XSS RemoteClinic on register.php Author: nu11secur1ty Debug: g3ck0dr1v3r Date: 04.21.2021 Vendor: RemoteClinic Link: https://github.com/remoteclinic/RemoteClinic CVE: CVE-2021-30044 + Exploit Source:...
Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack
Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which i...
SRC-2016-0008 : ATutor LMS confirm ‘SELECT’ Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication mechanism on vulnerable installations of ATutor. The specific flaw exists in the ‘confirm.php’ script when performing an automated login. The code uses a loose comparison when comparing the supplied...
Arachni v0.2.1 - penetration testers Framework - latest release
"Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications." This is the official change log: Major performance improvements Major system refactoring and code clean-up Major module API...