14 matches found
SolarWinds Firewall Security Manager userlogin.jsp Policy Bypass (CVE-2015-2284)
A policy bypass vulnerability exists in SolarWinds Firewall Security Manager. The vulnerability is due to a design weakness in the userlogin.jsp page which sets the "username" session value to a user supplied value prior to authentication. A remote unauthenticated attacker could exploit this...
CVE-2015-2284
userlogin.jsp in SolarWinds Firewall Security Manager FSM before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling...
CVE-2015-2284
userlogin.jsp in SolarWinds Firewall Security Manager FSM before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling...
SolarWinds Firewall Security Manager userlogin.jsp Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Firewall Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of client sessions. The issue lies in the ability to...
Design/Logic Flaw
userlogin.jsp in Coursemill Learning Management System LMS 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html...
CVE-2013-3599
CVE-2013-3599 affects Coursemill Learning Management System (LMS) versions 6.6 and 6.8. The issue stems from userlogin.jsp where the response to the login page exposes the user role as a parameter, enabling an attacker to escalate privileges by modifying the role value sent to home.html. Red Hat ...
CVE-2013-3599
userlogin.jsp in Coursemill Learning Management System LMS 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html...
SQL injection
SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter username field. NOTE: some of these details are obtained from third party information...
CVE-2007-6338
CVE-2007-6338 targets Trivantis CourseMill Enterprise Learning Management System 4.1 SP4. The vulnerability is an SQL injection in userlogin.jsp via the username parameter, enabling arbitrary SQL execution as described in the NVD entry. Connected documents corroborate a remote SQL injection capab...
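CourseMill Enterprise Learning Management System 'userlogin.jsp' SQL Injection Vulnerability
CourseMill Enterprise Learning Management System is a JSP-based web application. CourseMill Enterprise Learning Management System does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'userlogin.jsp' script does not sufficiently filter the user-submitted username parameter: submitting a malicious SQL query as the parameter data can alter the original SQL logic, allowing sensitive information to be obtained or the database to be manipulated. Trivantis CourseMill Enterprise Learning...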
SQL injection
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action...
CVE-2006-0510
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action...
CVE-2006-0510
CVE-2006-0510 describes a SQL injection vulnerability in the Daffodil CRM 1.5 web application, specifically in the login flow handled by login action in the file userlogin.jsp. The issue allows remote attackers to manipulate SQL queries via unspecified login parameters, enabling arbitrary SQL exe...
CVE-2006-0510
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action...