22 matches found
CVE-2025-3388
A vulnerability classified as problematic was found in hailey888 oasystem up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation of the argument Username leads to cross site...
CVE-2025-3388 hailey888 oa_system Frontend LoginsController.java loginCheck cross site scripting
A vulnerability classified as problematic was found in hailey888 oasystem up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation of the argument Username leads to cross site...
PT-2025-15307 · Unknown · Hailey888 Oa System
Name of the Vulnerable Software and Affected Versions: hailey888 oa system up to 2025.01.01 Description: A vulnerability was found in hailey888 oa system, affecting the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation...
PT-2024-15441 · Unknown · Kashipara Food Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Food Management System versions up to 1.0 Description: A critical issue was found in the Kashipara Food Management System, affecting some unknown functionality of the file loginCheck.php. The manipulation of the password argument...
CVE-2022-34046
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IPADDRESS/sysinit.shtml?r=52300 and searching for logincheckuser;...
PT-2022-21983 · Wavlink · Wavlink Wn533A8
Name of the Vulnerable Software and Affected Versions: Wavlink WN533A8 version M33A8.V5030.190716 Description: An access control issue allows attackers to obtain usernames and passwords via the API endpoint "http://IP ADDRESS/sysinit.shtml?r=52300" by searching for logincheckuser. Recommendations...
Fortinet FortiOS 6.0.4 Password Modification
Exploit Title: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification Google Dork: intitle:"Please Login" "Use FTM Push" Date: 15/11/2020 Exploit Author: Ricardo Longatto Details: This exploit allows changing users' passwords from the SSLVPN web portal Vendor Homepage:...
Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification
Exploit Title: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification Google Dork: intitle:"Please Login" "Use FTM Push" Date: 15/11/2020 Exploit Author: Ricardo Longatto Details: This exploit allows changing users' passwords from the SSLVPN web portal Vendor Homepage:...
Tenda AC18 Remote Code Execution Vulnerability
AC18 is a wireless router from Tenda. A remote code execution vulnerability exists in the Tenda AC18. The vulnerability stems from incorrect authentication handling of the logincheck function in the /usr/lib/lua/ngxauthserver/ngxwdas.lua file when the administrator UI is set to "radius". An...
CVE-2020-24987
Tenda AC18 Router through V15.03.05.05EN and through V15.03.05.196318 CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck function in /usr/lib/lua/ngxauthserver/ngxwdas.lua file if the administrator UI Interface is set to "radius"...
Authentication flaw
Tenda AC18 Router through V15.03.05.05EN and through V15.03.05.196318 CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck function in /usr/lib/lua/ngxauthserver/ngxwdas.lua file if the administrator UI Interface is set to "radius"...
PT-2020-15878 · Tenda · Tenda Ac18 Router
Name of the Vulnerable Software and Affected Versions: Tenda AC18 Router versions through V15.03.05.05 EN Tenda AC18 Router versions through V15.03.05.196318 CN Description: The issue is related to incorrect authentication handling of the logincheck function in the /usr/lib/lua/ngx authserver/ngx...
zzcms SQL Injection Vulnerability (CNVD-2019-13260)
ZZCMS is a content management system (CMS) by the ZZCMS team in China. A SQL injection vulnerability exists in the /user/logincheck.php file in ZZCMS version 8.3. The vulnerability can be exploited by a remote attacker to execute SQL commands with the help of the 'X-Forwarded' parameter in the HTTP...
SQL Injection Vulnerability in ZZCMS /admin/logincheck.php File
ZZCMS, the Webmaster Merchants Content Management System developed by the ZZCMS team, incorporates database optimization, content caching, AJAX and other technologies; it is open source and has independent functional modules to facilitate secondary development. ZZCMS /admin/logincheck.php file SQL injection...
SQL Injection Vulnerability in Zzcms admin/logincheck.php Page
ZZCMS is an enterprise website builder. A SQL injection vulnerability exists in the zzcms admin/logincheck.php page. Due to the failure to filter variables coming from $_SERVER, an attacker can exploit the vulnerability to obtain sensitive database data...
WebspotBlogging <= 3.0.1 (path) Remote File Include Vulnerability
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM. Webspotblogging 3.0.1 path = Remote File Include Vulnerability. Script site: http://blogging.webspot.co.uk/ dork: Powered by WebspotBlogging...
KnowledgeQuest 2.6 - SQL Injection
KnowledgeQuest 2.6 - SQL Injection. KnowledgeQuest 2.6 SQL Injection Vulnerabilities. Virangar Security Team www.virangar.org www.virangar.net. Discovered By: virangar security teamhadihadi special tnx to: MR.nosrati, black.shadowes, MR.hesy, Zahra & all virangar members & all...
Information disclosure
MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in...
CVE-2007-3275
MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in...