177 matches found
Cross-site Scripting (XSS)
OctoPrint is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation in the redirecturl parameter in the login function of views.py, allowing an attacker to inject and execute malicious JavaScript by redirecting to malicious URLs...
OctoPrint Cross-Site Scripting Vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A cross-site scripting vulnerability exists in OctoPrint versions prior to 1.8.0, which stems from a lack of data filtering and escaping in the login function in the software's views.py...
Design/Logic Flaw
A vulnerability in MEPSAN's USC+ before version 3.0 is a weakness in the login function which lets attackers generate passwords for high-privileged accounts...
CVE-2021-45031 Weak Authentication in Login Function of USC+
A vulnerability in MEPSAN's USC+ before version 3.0 is a weakness in the login function which lets attackers generate passwords for high-privileged accounts...
CVE-2021-45031
CVE-2021-45031 affects MEPSAN’s USC+ prior to version 3.0. The vulnerability is a weakness in the login function that lets attackers generate passwords for high-privilege accounts, enabling potential unauthorized access and elevation of privileges. Reports consistently identify versions before 3....
Reolink RLC-410W Certification Bypass Vulnerability
Reolink RLC-410W is a Wi-Fi security camera from Reolink China. An authentication bypass vulnerability exists in Reolink RLC-410W version v3.0.0.136 20121102, which stems from an authentication bypass in the cgiserver.cgi login function. An attacker can exploit this vulnerability to bypass...
ASUS RT-AX56U Path Traversal Vulnerability
ASUS RT-AX56U is a wireless router from ASUS Taiwan, China. A path traversal vulnerability exists in ASUS RT-AX56U, which stems from the insufficient filtering of special characters in URL parameters by the login function of ASUS RT-AX56U, which could be exploited by an unauthenticated LAN attacke...
CVE-2022-22054
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...
Path traversal
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...
Authentication Bypass
flaskappbuilder is vulnerable to authentication bypass. The vulnerability exists in the login function of api.py because login requests are not properly validated, which allows a malicious attacker to send a crafted request and gain access to the API endpoints...
CVE-2021-41676
An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php...
SQL injection
An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php...
CVE-2021-40889
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in the webroot/uno/central.php file calls the file_put_contents function to write the username to the password.php file when a user successfully changes their password. The attacker can inject malicious PHP code into...
CVE-2021-40889
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in the webroot/uno/central.php file calls the file_put_contents function to write the username to the password.php file when a user successfully changes their password. The attacker can inject malicious PHP code into...
Insecure Authentication
lincmsflask uses insecure authentication. The vulnerability exists due to a lack of rate-limiting in the login function...
PYSEC-2021-339
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...
lin-cms-flask Security Vulnerability
lin-cms-flask is a content management system framework. lin-cms-flask version 0.1.1 contains a security vulnerability that can be exploited by remote attackers to brute force login via the "login" function in the component "app/api/cms/user.py"...
CVE-2015-2099
Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail...
openSIS SQL Injection Vulnerability (CNVD-2020-50952)
openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in the login function in OS4Ed openSIS 7.3, which can be exploited by an attacker to conduct a SQL injection attack by sending a specially crafted HTTP request...
CVE-2018-16955
The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the inhiredirect parameter, when prefixed with the https:// scheme, is unsafely reflected in an HTML META tag in the HTTP response. NOTE: this CVE is assigned by MIT...