19 matches found
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
PT-2025-53345
Name of the Vulnerable Software and Affected Versions: Riello UPS NetMan 208 Application versions prior to 1.12 Description: The Riello UPS NetMan 208 Application is affected by a SQL injection issue in the cgi-bin/login.cgi script. Specifically, the username parameter is susceptible to SQL injecti...
BIT-DOLIBARR-2020-11823
In Dolibarr 10.0.6, if USERLOGINFAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin account...
SNMP Community Login Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/communitystringcollection' require 'metasploit/framework/loginscanner/snmp' class MetasploitModule 'SNMP Community Login Scanner',...
Error: "Cannot verify database connectivity" on StoreFront
Though StoreFront server is able to communicate to the SQL server over TCP port 1433, when you click Test Connection at the Deploy Multiple Server Group setup Window for StoreFront 1.1, the connection fails with the following message: Cannot verify database connectivity. The connection string...
Error: "The Login is from an Untrusted Domain and Cannot be used with Windows Authentication" Appears when Launching Provisioning Services Console
When launching the Provisioning Services Console, the critical error message appears, “Critical Error A database error occurred. Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.”...
Monstra CMS 3.0.4 - Remote Code Execution (RCE)
Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution (RCE) Date: 05.05.2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: MacOS import requests import random import string import time import...
Gitlab 13.9.3 Remote Code Execution
Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Date: 02/06/2021 Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/11254...
Error: "Login Failed. The address given did not provide a valid App list" in Citrix Receiver
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. The following error message is displayed on a smart phone when connecting to Citrix Receiver: “Login...
VulnCheck KEV: CVE-2020-27615
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizerloginfailed and lzvalidip...
UBUNTU-CVE-2020-11823
In Dolibarr 10.0.6, if USERLOGINFAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin account...
PT-2020-12872 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.6 Description: A stored XSS issue exists in the admin tools -- audit page when the USER LOGIN FAILED feature is active. This could potentially allow for the theft of an admin account. Recommendations: For Dolibarr versio...
SNMP Login Failed For Authenticated Checks
It was NOT possible to login using the provided SNMPv1 / SNMPv2 community string / SNMPv3 credentials. Hence version checks based on SNMP might not work if no other default community string was found. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a...
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_system.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerysystemrce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root...
Goigi CMS Backend /admin/index.php Universal Password Bypass Vulnerability
Goigi CMS has a universal password bypass vulnerability in the backend /admin/index.php login, which can be utilized with '=' 'or' to bypass login authentication. When the login succeeds, the page returns 302 and location=location: dashboard in the http header. If the login fails, the returned...
CVE-2014-3549
Cross-site scripting (XSS) vulnerability in the getdescription function in lib/classes/event/userloginfailed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attem...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the getdescription function in lib/classes/event/userloginfailed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attem...
VNC Authentication Scanner
This module will test a VNC server on a range of machines and report successful logins. Currently it supports RFB protocol version 3.3, 3.7, 3.8 and 4.001 using the VNC challenge response authentication method. This module requires Metasploit: https://metasploit.com/download Current source:...
MemHT Portal 4.0.1 Cross Site Scripting
!/usr/bin/perl MemHT Portal 4.0.1 Persistent Cross Site Scripting Vulnerability user agent by ZonTa - zontahackersatgmaildotcom After successful inject wait for the admin to view statistic page. Fix is available : http://www.memht.com/news149MemHT-Portal-4-0-2.html use Getopt::Std; use...