CVE-2014-9039

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message...

CVE-2014-9039

CVE-2014-9039 affects WordPress versions prior to 4.0.1 for the 4.x line and older 3.x branches: remote password resets could be triggered if an attacker gains access to the email account that received the reset message. The explicit vulnerable ranges are WordPress before 3.7.5, 3.8.x before 3.8....

CVE-2014-9033

CVE-2014-9033 is a CSRF vulnerability in WordPress affecting wp-login.php that could allow an attacker to hijack a user’s authentication by tricking them into performing a password change. The advisory data lists affected WordPress versions as 3.7.4, 3.8.4, 3.9.2, and 4.0, with remediation indica...

WordPress <= 4.0.0 - CSRF

Because of this vulnerability in wp-login.php, the attackers can hijack the authentication of arbitrary users for requests that reset passwords. Solution Update WordPress...

WordPress <= 4.0.0 - Multiple Vulnerabilities #1

There are multiple vulnerabilities in WordPress wp-login.php, such as cross site scripting, denial of service attacks, hash comparison, SSRF, CSRF. Because of these vulnerabilities, attackers can reset passwords by leveraging access to an e-mail account that received a password-reset message...

Sql injection

SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter...

CVE-2011-2944

CVE-2011-2944 affects MegaLab The Uploader prior to version 2.0.5. The login.php handling allows a SQL injection via the username parameter, enabling remote attackers to execute arbitrary SQL commands. The NVD record lists a CVSS v2 base score of 7.5 (HIGH) with network access, low attack complex...

Cross site scripting

Cross-site scripting XSS vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php...

CVE-2014-5088

CVE-2014-5088 is a cross-site scripting (XSS) vulnerability in Status2k Server Monitoring Software. The risk entry describes an attacker injecting arbitrary script/HTML through the username parameter sent to login.php, enabling remote exploitation. Public records in the NVD entry enumerate the fl...

WP Affiliate Manager - login.php msg Parameter XSS

The wp-affiliate-platform WordPress plugin was affected by a login.php msg Parameter XSS security vulnerability...

Pie Register - wp-login.php Multiple Parameter XSS

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by a wp-login.php Multiple Parameter XSS security vulnerability...

WordPress Members Plugin <= 2.8.9 - Reflected XSS

This plugin is prone to a cross site scripting vulnerability in wp-login.php. Solution Update the plugin...

Easy POS System - SQL Injection (login.php)

No description provided by source...

IP Reg <= 0.4 - Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl ----------------------------------------------- IP Reg = 0.4 Blind SQL Injection Exploit Discovered By StAkeR - StAkeRathotmaildotit Discovered On 03/10/2008 ----------------------------------------------- Download...

Nukeviet 2.0 'admin/login.php' Cookie Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30681/info Nukeviet is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication. Attackers can exploit this vulnerability to gain...

IPN Development Handler 2.0 - Multiple Vulnerabilities

No description provided by source. IPN Development Handler v2.0 CSRF Change Admin Account ============================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://scripts.filehungry.com/product/php/e-commerce/paypal/ipndevelopmenthandler/ ===...

AfterLogic MailBee WebMail Pro 3.x login.php mode Parameter XSS

No description provided by source...

68 Classifieds 4.1 login.php goto Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36208/info '68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...

DeskPro 2.0.1 Login.PHP HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23381/info DeskPRO is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the...

MercuryBoard <= 1.1.5 (login.php) Remote Blind SQL Injection Exploit

No description provided by source. ?php / -------------------------------------------------------------------- MercuryBoard = 1.1.5 login.php Remote Blind SQL Injection Exploit -------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom...