Lucene search
+L

135 matches found

CNNVD
CNNVD
added 2022/01/10 12:0 a.m.10 views

Solarwinds Serv-U Web Client 输入验证错误漏洞

The Solarwinds Serv-U Web Client is an HTTP-based file transfer client from SolarWinds USA that is available to all users on licensed Serv-U file servers. An input validation error vulnerability exists in the Solarwinds Serv-U Web Client that stems from the Serv-U web login interface allowing...

5.3CVSS7.6AI score0.03359EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/23 12:0 a.m.5 views

Openvpn OpenVPN 跨站脚本漏洞

Openvpn OpenVPN is a software package from OpenVPN Openvpn Inc. that creates encrypted virtual private network VPN tunnels that use the OpenSSL library to encrypt data and control information and allow the created VPN to be authenticated using a public key, an electronic certificate, or a...

6.1CVSS6AI score0.00722EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/05 12:0 a.m.6 views

Vmware Workspace One 信息泄露漏洞

Vmware Vmware Workspace One is a platform for supporting cross-device applications for rapid delivery and management of applications from Vmware, USA. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoi...

7.5CVSS7.5AI score0.00994EPSS
Exploits0References4
CNVD
CNVD
added 2020/01/09 12:0 a.m.2 views

Logic Flaw Vulnerability in the Backend Management Login Interface of Angel School Training Website System

Angel school training website system is an open source website management system. Angel school training website system back-end management login interface has a logic flaw vulnerability that can be exploited by an attacker to violently break the administrator's password...

6.9AI score
Exploits0
CNVD
CNVD
added 2019/07/13 12:0 a.m.2 views

SQL Injection Vulnerability in the Login Interface of BodaTech Enterprise Website Management System

Liaocheng Boda Network Technology Co., Ltd. is mainly engaged in developing commercial websites. SQL injection vulnerability exists in the login interface of Boda's enterprise website management system, which can be exploited by attackers to obtain database information...

8AI score
Exploits0
CNVD
CNVD
added 2019/06/21 12:0 a.m.3 views

Logic Flaw Vulnerability in eXtplorer Login Interface

eXtplorer is a file management based on PHP and ExtJS development of the text based on PHP and ExtJS development of the file management of the file management device manager . A logic flaw vulnerability exists in the eXtplorer login interface, which can be exploited by an attacker to gain server...

7.2AI score
Exploits0
OSV
OSV
added 2019/04/25 8:29 p.m.1 views

CVE-2018-18285

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database...

9.8CVSS6AI score0.01844EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/04/25 7:12 p.m.17 views

CVE-2018-18285

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database...

10AI score0.01844EPSS
Exploits0References2
OSV
OSV
added 2018/03/29 4:29 p.m.5 views

CVE-2018-9031

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...

9.8CVSS5.8AI score0.01586EPSS
Exploits1References2
Prion
Prion
added 2018/03/29 4:29 p.m.15 views

Design/Logic Flaw

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...

5CVSS9.4AI score0.01586EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2018/02/08 12:0 a.m.3 views

Remote Command Execution Vulnerability in HP iLO

iLo stands for Integrated lights-out and is the remote management port integrated into HP servers. A remote command execution vulnerability exists in HP iLO, which can be exploited by an attacker to obtain a remote login interface and execute remote commands...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/01/02 12:0 a.m.2 views

MT4 Networks SenhaSegura Web Application Session Fixation Vulnerability

MT4 Networks SenhaSegura Web Application is an Identity Rights Management Web Application from the MT4 Group in Brazil. A session fixation vulnerability exists in MT4 Networks SenhaSegura Web Application version 2.2.23.8. An attacker can exploit this vulnerability to gain privileges with the help...

8.8CVSS7.1AI score0.01035EPSS
Exploits0References1
OSV
OSV
added 2017/12/19 2:29 a.m.1 views

CVE-2017-11562

A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via loginif.php...

8.8CVSS5.8AI score0.01035EPSS
Exploits0References1
OSV
OSV
added 2017/04/22 10:59 p.m.5 views

CVE-2017-8055

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...

5.3CVSS5.8AI score0.01591EPSS
Exploits1References4
seebug.org
seebug.org
added 2014/10/10 12:0 a.m.67 views

方维团购最新版通杀注入(附大量案例)

简要描述: RT $$$$$$$$$$$$$$$$$$$$$$$ 详细说明: 官网没成功。但是基本通杀。 存在问题的地方是这个登录接口:m.php?m=User&a=doLogin post:origURL=ghost&password=ghost&email=ghost(email参数没有过滤) 报错注入 http://www.qianrengou.com/m.php?m=User&a=doLogin post:post:origURL=ghost&password=ghost&email=ghost 默认后台:admin.php...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.36 views

MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability

No description provided by source. !-- Title: MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability Vendor: MODx, LLC. Product web page: http://www.modxcms.com Affected version: 2.0.4-pl2 public launch 2 Summary: MODx Revolution is a powerful PHP Content Management Framework that...

7.1AI score
Exploits0
Saint
Saint
added 2012/05/17 12:0 a.m.27 views

SolarWinds Storage Manager SQL Injection

Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...

0.7AI score
Exploits0
Saint
Saint
added 2012/05/17 12:0 a.m.22 views

SolarWinds Storage Manager SQL Injection

Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2011/01/07 12:0 a.m.37 views

[ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration

Hi sec-folks, I recently discuss with Ariadne team to public disclose two new different vulnerabilities found in Ariadne Content Manager ACM. As the name says, ACM is an enterprise solution for content management mainly used by big private and public companies and institutions. This is the site o...

0.9AI score
Exploits0
exploitpack
exploitpack
added 2010/12/06 12:0 a.m.31 views

MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting

MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting getObject'modUser',array 30: 'username' = $POST'username', 31: ; ... 71: else if !empty$POST'forgotlogin' 72: $c = $modx-newQuery'modUser'; 73: $c-selectarray'modUser.','Profile.email','Profile.fullname'; 74: $...

7.1AI score
Exploits0
Rows per page
Query Builder