100 matches found
ShinyHunters escalates Canvas attacks with school login defacements
Days after confirming a major data breach, Instructure is now facing a second blow. Earlier this week, Instructure confirmed a major data breach affecting its cloud‑hosted Canvas environment, with the ShinyHunters group claiming it stole hundreds of millions of records tied to thousands of school...
CVE-2023-40519
A cross-site scripting XSS vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575ee9195b0, 01.01.01.30097902fd999e76, and 00.12.01.95655881254b459 allows remote attackers to inject arbitrary web script or HTML v...
EUVD-2020-19880
Malware in sbrugna...
EUVD-2020-16573
Malware in sbrugna...
EUVD-2018-3481
Malware in sbrugna...
EUVD-2022-33639
Malicious code in bioql PyPI...
EUVD-2021-30021
Malicious code in bioql PyPI...
EUVD-2021-31096
Malicious code in bioql PyPI...
CVE-2024-3378
A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack...
CVE-2022-29152
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page...
CVE-2022-29296
A reflected cross-site scripting XSS vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2021-34218
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter...
Clinic's Patient Management System 1.0 - Unauthenticated RCE
This module exploits an SQL injection in login portal, which allows to log in as admin. Next, it allows the attacker to upload malicious files through user modification to achieve RCE. Module Options msf use exploit/multi/http/clinicpmssqlitorce msf exploitclinicpmssqlitorce show targets...
VulnCheck KEV: CVE-2024-3378
A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The...
CVE-2024-44349
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB...
CVE-2024-44349
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB...
CVE-2024-44349
AnteeoWMS is affected by a SQL injection in the login portal present in versions prior to 4.7.34. The vulnerability allows unauthenticated attackers to inject SQL via the username parameter and potentially disclose data from the underlying database. The issue is documented across multiple sources...
Cisco SSL VPN Bruteforce Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco SSL VPN Bruteforce Login Utility', 'Description' = % This module scans for Cisco SSL VPN web login portals and performs login brute force t...
Cambium EPMP 1000 Login Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium ePMP 1000 Login Scanner', 'Description' = % This module scans for Cambium ePMP 1000 management login portals, and attempts to identify...
CVE-2024-3378
A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack...