Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords

Summary modules/registration.php mode sendlogin regenerates a random password for useruuidassigned, stores its bcrypt hash in admusers.usrpassword, and emails the cleartext to that user. Every other state-changing mode in the same file assignmember, assignuser, deleteuser, createuser calls...

CVE-2025-71244

SPIP ≤ 4.4.5 (and 4.3.9) is affected by an Open Redirect via the login form when used in AJAX mode. A malicious URL can cause a logged-in victim to be redirected to an arbitrary external site after login if the login page has been overridden to function in AJAX mode; it is not mitigated by the SP...

CVE-2019-9682

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...

CVE-2019-9682

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...

KimsQ 040109 - Multiple Remote File Inclusions

\|/// \ - - // @ @ ----oOOo---oOOo-------------------------------------------------- KimsQ 040109 Multiple Remote File Include Vulnerability Script: http://kimsq.googlecode.com/files/kimsqv040109.zip Author: mat Mail: [email protected]...

KimsQ 040109 - Multiple Remote File Inclusions

KimsQ 040109 - Multiple Remote File Inclusions \|/// \ - - // @ @ ----oOOo---oOOo-------------------------------------------------- KimsQ 040109 Multiple Remote File Include Vulnerability Script: http://kimsq.googlecode.com/files/kimsqv040109.zip Author: mat Mail: [email protected]...