26 matches found
CVE-2026-40043 Pachno 1.0.6 Authentication Bypass via runSwitchUser()
Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...
CVE-2026-40043
Pachno 1.0.6 contains an authentication bypass vulnerability (CVE-2026-40043) in the runSwitchUser() action. An authenticated, low-privilege attacker can manipulate the client-controlled original_username cookie and request a switch to user ID 1, potentially obtaining session tokens or administra...
PT-2026-32497
Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the original username cookie. Attackers can set the client-controlled original username cookie to any value and request a...
Pachno 1.0.6 (runSwitchUser()) Remote Vertical Privilege Escalation
Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...
EUVD-2018-5271
Malware in sbrugna...
EUVD-2007-3631
Malware in sbrugna...
EUVD-2007-0630
Malware in sbrugna...
Vade Secure Gateway Cross-Site Scripting Vulnerability
Vade Secure Gateway is an engineering intelligence-driven collaborative email security product from Vade Secure. A security vulnerability exists in Vade Secure Gateway. An attacker can exploit the vulnerability to execute arbitrary code via the username, password and language cookie parameters...
Buffalo TS5600D1206 Cross-Site Scripting Vulnerability
The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. A cross-site scripting vulnerability exists in the detail.html file in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited by a remote attacker to execute JavaScript code via a "username" cookie...
CVE-2018-13323
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie...
Cross site scripting
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie...
CVE-2018-13323
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie...
Authentication flaw
The checklogin function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string...
CVE-2011-5303
Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allows remote attackers to inject arbitrary web script or HTML via a cmsusername cookie...
PT-2014-1975 · D Link · Dnr-326
Name of the Vulnerable Software and Affected Versions: D-Link DNR-326 versions prior to 2.10 build 03 Description: The issue is related to the check login function and is caused by weaknesses in the authentication procedure. It allows a remote attacker to bypass authentication and log in by...
CVE-2008-6143
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie...
Authentication flaw
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie...
CVE-2008-6143
CVE-2008-6143 affects OwenPoll 1.0. Affected component is the authentication mechanism, vulnerable to a flaw where an attacker can modify the username cookie to bypass authentication and gain administrative access. This is a network-based exploit with no required user interaction, leading to part...
CVE-2008-6143
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie...
CVE-2007-3647
The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information...