Lucene search

1445 matches found

NVD
added 2014/11/25 11:59 p.m., 13 views

CVE-2014-9039

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message...

4.3 CVSS, 6.5 AI score, 0.02375 EPSS
Exploits 0, References 7
CVE
added 2014/11/25 11:0 p.m., 80 views

CVE-2014-9039

CVE-2014-9039 affects WordPress versions prior to 4.0.1 for the 4.x line and older 3.x branches: remote password resets could be triggered if an attacker gains access to the email account that received the reset message. The explicit vulnerable ranges are WordPress before 3.7.5, 3.8.x before 3.8....

4.3 CVSS, 6.4 AI score, 0.02375 EPSS
Exploits 0, References 7, Affected Software 1
CVE
added 2014/11/25 11:0 p.m., 106 views

CVE-2014-9033

CVE-2014-9033 is a CSRF vulnerability in WordPress affecting wp-login.php that could allow an attacker to hijack a user’s authentication by tricking them into performing a password change. The advisory data lists affected WordPress versions as 3.7.4, 3.8.4, 3.9.2, and 4.0, with remediation indica...

6.8 CVSS, 7 AI score, 0.01964 EPSS
Exploits 0, References 7, Affected Software 1
Patchstack
added 2014/11/20 12:0 a.m., 24 views

WordPress <= 4.0.0 - Multiple Vulnerabilities #1

There are multiple vulnerabilities in WordPress wp-login.php, such as cross site scripting, denial of service attacks, hash comparison, SSRF, CSRF. Because of these vulnerabilities, attackers can reset passwords by leveraging access to an e-mail account that received a password-reset message...

4.3 CVSS, 2.5 AI score, 0.02375 EPSS
Exploits 0, References 1, Affected Software 1
Patchstack
added 2014/11/20 12:0 a.m., 25 views

WordPress <= 4.0.0 - CSRF

Because of this vulnerability in wp-login.php, the attackers can hijack the authentication of arbitrary users for requests that reset passwords. Solution: Update WordPress...

6.8 CVSS, 4.4 AI score, 0.01964 EPSS
Exploits 0, References 1, Affected Software 1
Prion
added 2014/08/12 8:55 p.m., 7 views

SQL injection

SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter...

7.5 CVSS, 9 AI score, 0.02684 EPSS
Exploits 5, References 7, Affected Software 1
CVE
added 2014/08/12 8:0 p.m., 38 views

CVE-2011-2944

CVE-2011-2944 affects MegaLab The Uploader prior to version 2.0.5. The login.php handling allows a SQL injection via the username parameter, enabling remote attackers to execute arbitrary SQL commands. The NVD record lists a CVSS v2 base score of 7.5 (HIGH) with network access, low attack complex...

7.5 CVSS, 8.7 AI score, 0.02684 EPSS
Exploits 5, References 7, Affected Software 1
Prion
added 2014/08/06 6:55 p.m., 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php...

4.3 CVSS, 6 AI score, 0.01503 EPSS
Exploits 6, References 2
CVE
added 2014/08/06 6:0 p.m., 45 views

CVE-2014-5088

CVE-2014-5088 is a cross-site scripting (XSS) vulnerability in Status2k Server Monitoring Software. The risk entry describes an attacker injecting arbitrary script/HTML through the username parameter sent to login.php, enabling remote exploitation. Public records in the NVD entry enumerate the fl...

4.3 CVSS, 7.7 AI score, 0.01503 EPSS
Exploits 6, References 2, Affected Software 1
WPVulnDB
added 2014/08/01 10:59 a.m., 14 views

WP Affiliate Manager - login.php msg Parameter XSS

The wp-affiliate-platform WordPress plugin was affected by a login.php msg Parameter XSS security vulnerability...

3 AI score
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2014/08/01 10:59 a.m., 29 views

Pie Register - wp-login.php Multiple Parameter XSS

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by a wp-login.php Multiple Parameter XSS security vulnerability...

2.6 CVSS, 1.6 AI score, 0.06148 EPSS
Exploits 1, References 2, Affected Software 1
Patchstack
added 2014/08/01 12:0 a.m., 14 views

WordPress Members Plugin <= 2.8.9 - Reflected XSS

This plugin is prone to a cross site scripting vulnerability in wp-login.php. Solution: Update the plugin...

2.7 AI score
Exploits 0, References 2, Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m., 21 views

AfterLogic MailBee WebMail Pro 3.x login.php mode Parameter XSS

No description provided by source...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 34 views

68 Classifieds 4.1 login.php goto Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36208/info '68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 20 views

UBBCentral UBB.threads 6.2.3/6.5 login.php Cat Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 35 views

GLLCTS2 <= 4.2.4 - (login.php detail) SQL Injection Exploit

No description provided by source.

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

Dark Hart Portal (login.php) Remote File Inclusion Vulnerability

No description provided by source. Dark Portal login.php Remote File Inclusion Vulnerability. Author: CoBRa21 Mail:...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

Koobi Pro 6.1 - Gallery (img_id)

No description provided by source. Koobi Pro v6.1 gallery imgid AUTHOR : BILGEKAGAN HOME : http://www.1923turk.biz DORK 1 : allinurl: index.php?p=gallerypic imgid EXPLOiT: index.php?p=gallerypic&imgid=-1+union+select+0,1,2,concatemail,0x3a,pass,4,5,6,7,8+from+kpro6user aDMN PANEL: admin/login.php...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 20 views

EsContacts 1.0 - login.php msg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28825/info EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Attackers may leverage these issues to execute arbitrary script code in the browse...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

phpwcms <= 1.2.6 (Cookie: wcs_user_lang) Local File Include Exploit

No description provided by source.

7.1 AI score
Exploits 0