52 matches found
PT-2025-37397
Name of the Vulnerable Software and Affected Versions: Yida ECMS Consulting Enterprise Management System version 1.0 Description: A cross-site scripting issue exists in Yida ECMS Consulting Enterprise Management System 1.0. The vulnerability is located in the POST Request Handler component,...
CVE-2021-41015
A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler...
CVE-2016-11022
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to loginhandler.php...
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...
CVE-2025-3694
A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument loginemail leads to sql injection. It is possible to initiate the attack remotely...
CVE-2025-3694
A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument loginemail leads to sql injection. It is possible to initiate the attack remotely...
CVE-2025-3694 SourceCodester Web-based Pharmacy Product Management System Login sql injection
A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument loginemail leads to sql injection. It is possible to initiate the attack remotely...
CVE-2025-3694 SourceCodester Web-based Pharmacy Product Management System Login sql injection
A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument loginemail leads to sql injection. It is possible to initiate the attack remotely...
PT-2025-16780 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Web-based Pharmacy Product Management System version 1.0 Description: A critical issue has been discovered, affecting the Login Handler component. The manipulation of the login email argument leads to SQL injection. This issue...
SourceCodester Web-based Pharmacy Product Management System 注入漏洞
SourceCodester Web-based Pharmacy Product Management System is SourceCodester open source a Web-based pharmacy product management system . An injection vulnerability exists in the SourceCodester Web-based Pharmacy Product Management System version 1.0, which results from SQL injection due to...
CVE-2024-6129
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
The vulnerabilities of the `handle_login_request()` and `handle_auth_request()` functions of the Web3 plugin – a crypto wallet login & NFT token-gating system for WordPress website content management systems – allow attackers to bypass existing security restrictions.
The vulnerabilities of the handleloginrequest and handleauthrequest functions of the Web3 plugin involve authentication procedures. The vulnerabilities in these functions allow a malicious actor to bypass existing security measures by sending specially crafted POST requests. This vulnerability is...
CVE-2023-7213
A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based...
CVE-2023-7095
A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer...
PT-2022-25180 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS affected versions not specified Description: A problematic issue has been found in WBCE CMS, affecting the function increase attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the...
CVE-2021-26730
A stack-based buffer overflow vulnerability in a subfunction of the Loginhandlerfunc function of spxrestservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2021-26730 spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow
A stack-based buffer overflow vulnerability in a subfunction of the Loginhandlerfunc function of spxrestservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
PT-2022-9792 · Lanner · Lanner Inc Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: A stack-based buffer overflow vulnerability in a subfunction of the Login handler func function of spx restservice allows an attacker to execute arbitrary code with the sam...
PT-2022-9791 · Lanner · Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: The issue is related to command injection and multiple stack-based buffer overflows vulnerabilities in the Login handler func function of spx restservice, allowing an...
Rocket.Chat: TOTP 2 Factor Authentication Bypass
Summary Two Factor Authentication can be bypassed when telling the server to use CAS during login. Description The 2FA Login Handler skips validation when it finds CAS enabled. When the clients sends the option among the login request, the login proceeds without validation of a second factor. In...