177 matches found
CVE-2014-5000
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process...
CVE-2017-17030
A buffer overflow vulnerability in the login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices...
Buffer overflow
A buffer overflow vulnerability in the login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices...
blogtraffic.de XSS vulnerability
Vulnerable URL: http://www.blogtraffic.de/index.php?function=login=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert%28%2Fopenbugbounty%2F%29%3E=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert%28%2Fopenbugbounty%2F%29%3E

Details:

Description | Value
---|---
Patched: | Yes, at 05.09.2017...
Cisco Ultra Services Framework Remote Security Bypass Vulnerability
Cisco Ultra Services Framework is a smart online services payment platform from the US company Cisco. A security vulnerability exists in the AutoVNF login function in Cisco Ultra Services Framework: the program fails to perform sufficient checks when creating a directory on a...
A vulnerability in the Debian GNU/Linux operating system and the DBD::mysql driver allows attackers to cause undefined effects.
The vulnerability in the my_login function in the Debian GNU/Linux operating system and the DBD::mysql driver is a use of memory after it has been freed. Exploiting this vulnerability allows a malicious actor to cause unpredictable effects by using the mysql_errno function after the my_login...
CVE-2015-6481
CVE-2015-6481 affects Moxa OnCell Central Manager Software prior to version 2.2. The vulnerability arises from a hard-coded root credential in the RequestController.login function, enabling remote attackers to obtain administrative access and potentially execute code on affected systems. NVD and ...
IP.Board <= 3.4.7 SQL Injection Analysis
IPB (Invision Power Board) is a forum program developed in PHP that is widely used abroad. Version 3.4.7 and earlier contain a SQL injection vulnerability, which this article analyzes. PoC link: http://seclists.org/fulldisclosure/2014/Nov/20 #!/usr/bin/env python Sunday,...
Betster 1.0.4 SQL Injection / Authentication Bypass Vulnerabilities
Betster version 1.0.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass...
PHP Betoffice (Betster) 1.0.4 - Authentication Bypass SQL Injection
PHP Betoffice Betster 1.0.4 - Authentication Bypass SQL Injection...
eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection
The remote host is running eggBlog, a free PHP and MySQL blog software package. The version of eggBlog installed on the remote host fails to sanitize input to the 'email' and 'password' cookies before using it in the 'eb_login' function in '_lib/user.php' to perform database queries. Provided PHP's...
SQL injection
Multiple SQL injection vulnerabilities in the login function in system/classpermissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php...
wheatblog-rfi.txt
Found by E.Minaev, ITDefence.ru. 1) SQL injection in the login function. With the help of this injection it is possible to brute-force, symbol by symbol, the table names of the blog's database (magic_quotes_gpc should be turned off). ------------------------------------------ "$sql = "select from $tblUse...
WheatBlog 1.1 RFI/SQL Injection
Found by E.Minaev, ITDefence.ru. 1) SQL injection in the login function. With the help of this injection it is possible to brute-force, symbol by symbol, the table names of the blog's database (magic_quotes_gpc should be turned off). ------------------------------------------ "$sql = "select from $tblUse...
CVE-2006-6358
SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. NOTE: some of these details are obtained from third party information...
OTRS 2.0 - Login Function User SQL Injection
OTRS 2.0 - Login Function User SQL Injection source: https://www.securityfocus.com/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to multiple...