Lucene search
K

52 matches found

Positive Technologies
Positive Technologies
added 2025/09/14 12:0 a.m.9 views

PT-2025-37397

Name of the Vulnerable Software and Affected Versions: Yida ECMS Consulting Enterprise Management System version 1.0 Description: A cross-site scripting issue exists in Yida ECMS Consulting Enterprise Management System 1.0. The vulnerability is located in the POST Request Handler component,...

5.3CVSS4.5AI score0.00317EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 6:48 p.m.9 views

CVE-2021-41015

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler...

6.1CVSS7.4AI score0.00823EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:40 a.m.4 views

CVE-2016-11022

NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to loginhandler.php...

7.2CVSS7.7AI score0.03178EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:22 a.m.8 views

CVE-2017-8055

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...

5.3CVSS7AI score0.01591EPSS
Exploits1References1
NVD
NVD
added 2025/04/16 3:16 p.m.16 views

CVE-2025-3694

A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument loginemail leads to sql injection. It is possible to initiate the attack remotely...

9.8CVSS0.00498EPSS
Exploits1References5
OSV
OSV
added 2025/04/16 3:16 p.m.4 views

CVE-2025-3694

A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument loginemail leads to sql injection. It is possible to initiate the attack remotely...

9.8CVSS5.7AI score0.00498EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/04/16 2:31 p.m.19 views

CVE-2025-3694 SourceCodester Web-based Pharmacy Product Management System Login sql injection

A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument loginemail leads to sql injection. It is possible to initiate the attack remotely...

7.5CVSS0.00498EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/04/16 2:31 p.m.5 views

CVE-2025-3694 SourceCodester Web-based Pharmacy Product Management System Login sql injection

A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument loginemail leads to sql injection. It is possible to initiate the attack remotely...

7.5CVSS7.7AI score0.00498EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/04/16 12:0 a.m.8 views

PT-2025-16780 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Web-based Pharmacy Product Management System version 1.0 Description: A critical issue has been discovered, affecting the Login Handler component. The manipulation of the login email argument leads to SQL injection. This issue...

9.8CVSS7.5AI score0.00498EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.13 views

SourceCodester Web-based Pharmacy Product Management System 注入漏洞

SourceCodester Web-based Pharmacy Product Management System is SourceCodester open source a Web-based pharmacy product management system . An injection vulnerability exists in the SourceCodester Web-based Pharmacy Product Management System version 1.0, which results from SQL injection due to...

9.8CVSS7.8AI score0.00498EPSS
Exploits1References5
OSV
OSV
added 2024/06/18 9:15 p.m.2 views

CVE-2024-6129

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...

3.7CVSS4.5AI score0.00605EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/02/06 12:0 a.m.7 views

The vulnerabilities of the `handle_login_request()` and `handle_auth_request()` functions of the Web3 plugin – a crypto wallet login & NFT token-gating system for WordPress website content management systems – allow attackers to bypass existing security restrictions.

The vulnerabilities of the handleloginrequest and handleauthrequest functions of the Web3 plugin involve authentication procedures. The vulnerabilities in these functions allow a malicious actor to bypass existing security measures by sending specially crafted POST requests. This vulnerability is...

10CVSS5.5AI score0.01773EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2024/01/07 7:15 p.m.3 views

CVE-2023-7213

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based...

8.8CVSS6.2AI score0.00903EPSS
Exploits1References3
OSV
OSV
added 2023/12/25 1:15 a.m.5 views

CVE-2023-7095

A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer...

9.8CVSS6.2AI score0.137EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.5 views

PT-2022-25180 · Wbce Cms · Wbce Cms

Name of the Vulnerable Software and Affected Versions: WBCE CMS affected versions not specified Description: A problematic issue has been found in WBCE CMS, affecting the function increase attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the...

7.5CVSS7.5AI score0.00788EPSS
Exploits1References7
OSV
OSV
added 2022/10/24 2:15 p.m.7 views

CVE-2021-26730

A stack-based buffer overflow vulnerability in a subfunction of the Loginhandlerfunc function of spxrestservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

9.8CVSS6.4AI score0.00978EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/24 12:0 a.m.7 views

CVE-2021-26730 spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow

A stack-based buffer overflow vulnerability in a subfunction of the Loginhandlerfunc function of spxrestservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

10CVSS9.8AI score0.00978EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.4 views

PT-2022-9792 · Lanner · Lanner Inc Iac-Ast2500A

Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: A stack-based buffer overflow vulnerability in a subfunction of the Login handler func function of spx restservice allows an attacker to execute arbitrary code with the sam...

10CVSS9.8AI score0.00978EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.5 views

PT-2022-9791 · Lanner · Iac-Ast2500A

Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: The issue is related to command injection and multiple stack-based buffer overflows vulnerabilities in the Login handler func function of spx restservice, allowing an...

10CVSS9.8AI score0.02285EPSS
Exploits0References5
Hacker One
Hacker One
added 2022/01/12 10:25 p.m.26 views

Rocket.Chat: TOTP 2 Factor Authentication Bypass

Summary Two Factor Authentication can be bypassed when telling the server to use CAS during login. Description The 2FA Login Handler skips validation when it finds CAS enabled. When the clients sends the option among the login request, the login proceeds without validation of a second factor. In...

6.5CVSS0.01229EPSS
Exploits1
Rows per page
Query Builder