12 matches found
EUVD-2018-13389
Malware in sbrugna...
CVE-2021-3304
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI...
CVE-2020-5517
CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis...
CVE-2018-20849
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATHINFO to the login/ URI...
Code injection
The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...
BlueOnyx 5209R Cross-Site Request Forgery Vulnerability
BlueOnyx 5209R is an open source web hosting solution. The product includes email, DNS and file transfer services, among others. A cross-site request forgery vulnerability exists in the /login URI in BlueOnyx 5209R. The vulnerability stems from a WEB application that does not adequately validate...
CVE-2020-5517
CVE-2020-5517 is a CSRF vulnerability in the /login URI of BlueOnyx 5209R. The issue allows an attacker to gain access to the dashboard and perform scraping/analysis. Affected product: BlueOnyx 5209R; vulnerable component is the CSRF protection on /login. Impact: unauthorized access to the dashbo...
CVE-2018-20849
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATHINFO to the login/ URI...
CVE-2018-19468
HuCart 5.7.4 has SQL injection in getip in system/class/helperclass.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=actlogin URI...
Open redirect
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirecturl parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code...
Authentication flaw
An authentication bypass exists in the E-Sic 1.0 /index aka login URI via '=''or' values for the username and password...
Allomani Mobile 2.5 Remote Blind SQL Injection Exploit
No description provided by source. ?php iniset"maxexecutiontime",0; printr' || || | || o,7 || . o7 || q||| o///, : / / . /QQQQQQQQQQQQQQQQQQQ\ q Allomani Mobile v2.5 /QQQ/\QQQ\ Blind SQL inj. exploit /QQQQQ/ \QQQQQQ\ q GET 3 /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ q http://allomani.com |QQQQ/ By Qabandi \QQQQ...