7 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-3535

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.01187
Exploits: 0 | References: 5

wpexploit
added 2023/04/06 12:0 a.m. | 112 views

Limit Login Attempts < 1.7.2 - Unauthenticated Stored XSS

The plugin does not sanitize and escape the IP address retrieved from headers such as X-Forwarded-For when the "Site Connection" setting is set to "From behind a reversy proxy", which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks. Setup: As admin, set the...

CVSS 7.2 | AI score 6.3 | EPSS 0.00789
Exploits: 3

Prion
added 2020/05/16 8:15 p.m. | 13 views

Open redirect

Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt...

CVSS 5.8 | AI score 6.2 | EPSS 0.03518
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2014/07/29 11:10 a.m. | 18 views

CVE-2014-3549

Cross-site scripting (XSS) vulnerability in the getdescription function in lib/classes/event/userloginfailed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attem...

CVSS 4.3 | AI score 5.4 | EPSS 0.01187
Exploits: 0 | References: 4

UbuntuCve
added 2014/07/29 11:10 a.m. | 22 views

CVE-2014-3549

Cross-site scripting (XSS) vulnerability in the getdescription function in lib/classes/event/userloginfailed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attem...

CVSS 4.3 | AI score 6 | EPSS 0.01187
Exploits: 0 | References: 3

Prion
added 2014/07/29 11:10 a.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the getdescription function in lib/classes/event/userloginfailed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attem...

CVSS 4.3 | AI score 5.9 | EPSS 0.01187
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2007/10/30 7:46 p.m. | 21 views

Code injection

DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as...

CVSS 4.3 | AI score 6.7 | EPSS 0.01481
Exploits: 0 | References: 3 | Affected Software: 1