177 matches found
PT-2024-6459 · D Link · D-Link Dcs-960L
Name of the Vulnerable Software and Affected Versions: D-Link DCS-960L version 1.09
Description: The issue is related to a stack overflow vulnerability in the HNAP service of the D-Link DCS-960L IP camera, specifically in the Login function. This vulnerability can be exploited by a remote attacke...
CVE-2024-7808
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...
SourceCodester School Log Management System SQL Injection Vulnerability
SourceCodester School Log Management System is a SourceCodester open source school log management system. SourceCodester School Log Management System version 1.0 suffers from a SQL injection vulnerability, which originates from the username function on the /admin/ajax.php?action=login page contai...
CVE-2024-4303 ArmorX Android APP - MFA Bypass
ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully log into the APP...
CVE-2024-1729
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be exploited to guess password...
CVE-2024-1176
CVE-2024-1176 affects the HT Easy GA4 – Google Analytics WordPress Plugin. The vulnerability is a missing capability check in login() that enables unauthenticated modification of the GA4 email. Affected versions are all up to and including 1.1.5. Remediation: upgrade to 1.1.6 or later (Wordfence/...
CVE-2024-28816
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php...
CVE-2024-28816
The CVE identifies a SQL injection in the Student Information Chatbot a0196ab, exposed via the login username parameter in index.php. The underlying flaw is unsanitized user input passed to a SQL query in the login function, enabling potential unauthorized access or data exposure. Exploitation st...
CVE-2023-41503
Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function...
Student Enrollment In PHP Security Vulnerability
Student Enrollment In PHP is an open source student enrollment system from code-projects. A security vulnerability exists in Student Enrollment In PHP, which stems from an SQL injection vulnerability in the Login function...
CVE-2023-41503
CVE-2023-41503 affects the open-source “Student Enrollment In PHP v1.0.” The vulnerability is a SQL injection in the Login function, caused by unsafe SQL handling in the authentication flow. It is rated CVSS v3.1 base score 9.8 (CRITICAL) with Network attack vector, no privileges required, no use...
PT-2024-18257 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 4.19.2
Description: A timing attack vulnerability exists in the login function, specifically within the routes.py file, due to the use of a direct comparison operation (`app.auth[username] == password`) to validate user...
CVE-2024-0479
A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to...
PT-2024-15596 · Taokeyun · Taokeyun
Name of the Vulnerable Software and Affected Versions: Taokeyun versions up to 1.0.5
Description: A critical issue has been found, affecting the function login of the file application/index/controller/m/User.php in the HTTP POST Request Handler component. The manipulation of the username argument...
CVE-2023-49281 Open Redirect in Login Function of Calendarinho
Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites,...
Information disclosure
An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function...
CVE-2023-46963
An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function...