24 matches found
EUVD-2017-11891
Malware in sbrugna...
CVE-2017-15290
Mirasys Video Management System VMS 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality...
Design/Logic Flaw
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login...
Design/Logic Flaw
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application...
PT-2023-22009 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 2.5.0 through 3.5.7. Mastodon version 3.5.8 is not affected, but versions prior to 3.5.8 are affected; however, 4.0.3 and prior to 4.0.4 and 4.1.1 and prior to 4.1.2 are also affected. Mastodon versions 2.5.0 through 4.1.1...
CVE-2023-23127
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers and therefore does not enforce HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS during troubleshooting...
CVE-2021-45786
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges...
CVE-2021-35498 TIBCO EBX Insecure Login Mechanism
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it...
Insecure Login
rh-sso7-keycloak is using insecure login. The vulnerability exists because it allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...
CVE-2021-27495
Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, all versions prior to 1.7.2; Ypsomed mylife App, all versions prior to 1.7.5. The Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from an HTTPS endpoint to an HTTP endpoint...
Design/Logic Flaw
Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, all versions prior to 1.7.2; Ypsomed mylife App, all versions prior to 1.7.5. The Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from an HTTPS endpoint to an HTTP endpoint...
CVE-2017-2748
A potential security vulnerability caused by the use of insecure http transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue...
Coalition, Inc.: Non-Cloudflare IPs allowed to access origin servers
Hello Security Team, Summary: Like report 255978, it is possible to access origin servers served by nginx and not Cloudflare. Description: Even though these IPs don't serve a functional version of the app, it is possible to enable DDoS attacks by bypassing Cloudflare protections. Steps To Reproduc...
CVE-2017-17735
CMS Made Simple CMSMS before 2.2.5 does not properly cache login information in cookies...
Design/Logic Flaw
In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to log in with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is...
Insecure Login Defaults
github.com/go-authboss/authboss is vulnerable to insecure login. The library successfully logs in when a confirmation link is clicked. This means a malicious user can log in if they obtain a confirmation or password reset link...
Simple Document Management System 1.1.4 - SQL Injection Auth Bypass
No description provided by source. SDMS Simple Document Management System v1.1.4 SQL Injection Author: Yuri Program: SDMS Simple Document Management System Version: v1.1.4 and probably all older versions as well Website: http://sdms.cafuego.net/ How it works The login system is very insecure, thi...
Simple Document Management System 1.1.4 SQL Injection Auth Bypass
Exploit for php platform in category web applications. Simple Document Management System 1.1.4 SQL Injection Auth Bypass. SDMS Simple Document Management System v1.1.4...
Simple Document Management System 1.1.4 - Authentication Bypass
Simple Document Management System 1.1.4 - Authentication Bypass SDMS Simple Document Management System v1.1.4 SQL Injection Author: Yuri Program: SDMS Simple Document Management System Version: v1.1.4 and probably all older versions as well Website: http://sdms.cafuego.net/ How it works The login...