7 matches found
EUVD-2014-3535
Malware in sbrugna...
Limit Login Attempts < 1.7.2 - Unauthenticated Stored XSS
The plugin does not sanitize and escape the IP address retrieved from headers such as X-Forwarded-For when the "Site Connection" setting is set to "From behind a reversy proxy", which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks. Setup: As admin, set the...
Open redirect
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt...
CVE-2014-3549
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attem...
CVE-2014-3549
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attem...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attem...
Code injection
DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as...