25 matches found
CVE-2022-38462
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request...
EUVD-2022-7444
Malicious code in bioql PyPI...
CVE-2024-50341
symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom user checker defined on a firewall is not called when logging in programmatically with the Security::login method, leading to...
CVE-2024-50341 Security::login does not take into account custom user_checker in symfony/security-bundle
symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom user checker defined on a firewall is not called when logging in programmatically with the Security::login method, leading to...
GHSA-JXGR-3V7Q-3W9V Symfony's `Security::login` does not take into account custom `user_checker`
Description The custom user checker defined on a firewall is not called when logging in programmatically with the Security::login method, leading to unwanted login. Resolution The Security::login method now ensures that the configured user checker is called. The patch for this issue is available here for branch...
PT-2024-34151 · Symfony +2 · Symfony/Securitybundle +2
Name of the Vulnerable Software and Affected Versions: symfony/security-bundle versions prior to 6.4.10 symfony/security-bundle versions prior to 7.0.10 symfony/security-bundle versions prior to 7.1.3 Description: The custom user checker defined on a firewall is not called when logging in...
Symfony authorization issue vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony that stems from the fact that a custom user checker on the firewall is not invoked when logging in programmatically using the Security::log...
Uniview NVR301-04S2-P4 Cross Site Scripting
Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS) Author: Bleron Rrustemi Discovery Date: 2022-11-15 Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/ Datasheet: https://www.uniview.com/download.do?id=1761643 Device Firmware:...
Symbiote Seed input validation error vulnerability
Symbiote Seed is a set of modules that provide a solid foundation for building SilverStripe websites. An input validation error vulnerability exists in Symbiote Seed versions prior to 6.0.3, which stems from a problem with the onBeforeSecurityLogin function in the...
CVE-2022-38462
CVE-2022-38462 affects SilverStripe framework up to version 4.11.0, enabling XSS via crafted return URLs on /dev/build or /Security/login. Core issue is insufficient sanitization/escaping of user-supplied data in responses. The risk is context-dependent and requires the browser to render PHP warn...
PT-2022-24417 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.11 and earlier Description: The issue allows an attacker to inject an XSS payload into a Silverstripe CMS response by carefully crafting a return URL on a "/dev/build" or "/Security/login" request. ...
CVE-2019-9682
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...
Default configuration
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...
CVE-2019-9682
Vulnerability overview (CVE-2019-9682) : Dahua devices built before December 2019 retain a weak security login mode for compatibility with older devices. When users enable/use this weak login, an attacker on the same network can monitor traffic and intercept packets to attack the device. Impact i...
MODX Revolution Directory Traversal Vulnerability (CNVD-2018-17478)
MODX Revolution is an easy-to-use content management system (CMS) and application framework. A directory traversal vulnerability exists in /core/model/modx/modmanagerrequest.class.php in MODX Revolution 2.6.4 and earlier versions. An attacker can exploit the vulnerability by deleting...
CVE-2018-1000208
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in removal of files. This attack appears to be exploitable via web request via the security/login processor. This vulnerability appears to have been fixed in pull 139...
admin.meritservicesolutions.com XSS vulnerability
Vulnerable URL: http://admin.meritservicesolutions.com/Lipinski/Security/Login.asp?silent===/lipinski/subs/subcommloglist.asp=1"...