6 matches found
PT-2023-32394 · Unknown · Ffs Colibri
Name of the Vulnerable Software and Affected Versions: FFS Colibri affected versions not specified Description: The issue allows a remote user to access files on the system, including files that contain login credentials for other users. Recommendations: At the moment, there is no information abo...
Cross-Site Request Forgery in Magnolia CMS
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery CSRF in order to brute force and exfiltrate users' credentials...
CVE-2021-32522 QSAN Storage Manager, XEVO, SANOS - Improper Restriction of Excessive Authentication Attempts
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document...
CVE-2018-16162
OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors...
PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure
PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure site: http://www.php-fusion.co.uk - if magicquotes off - SQL Injection, poc: http://target/pathtoPhpFusion/messages.php?msgsend=' UNION SELECT userpassword FROM fusionusers WHERE username='adminusername'/ now hash is showed i...
ATutor 1.5.1 SQL Injection / Admin credentials disclosure / remote code execution
ATUTOR 1.5.1 possibly prior versions SQL INJECTION / ADMIN & USERS CREDENTIALS DISCLOSURE / INFORMATION DISCLOSURE / USER IMPERSONATION / REMOTE CODE EXECUTION software: site: http://www.atutor.ca/ description: "ATutor is an Open Source Web-based Learning Content Management System LCMS designed...