Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-34175
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.
Login Configurator Project Login Configurator
6.9
CVSSv2
CVE-2010-2945
The default configuration of SLiM prior to 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.
Simone Rota Slim Simple Login Manager 1.2.1
Simone Rota Slim Simple Login Manager 1.2.0
Simone Rota Slim Simple Login Manager 1.1.0
Simone Rota Slim Simple Login Manager 1.0.0
Simone Rota Slim Simple Login Manager 1.2.5
Simone Rota Slim Simple Login Manager 1.2.3
Simone Rota Slim Simple Login Manager 1.3.0
Simone Rota Slim Simple Login Manager 1.2.6
Simone Rota Slim Simple Login Manager 1.2.4
Simone Rota Slim Simple Login Manager 1.2.2
Simone Rota Slim Simple Login Manager
2.1
CVSSv2
CVE-2014-5000
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
Lawn-login Project Lawn-login 0.0.7
4.6
CVSSv2
CVE-2017-20066
A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public an...
Adminer Login Project Adminer Login 1.4.4
NA
CVE-2016-15031
A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injec...
Php-login Project Php-login 1.0
NA
CVE-2023-26012
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions.
Custom Login Page Project Custom Login Page
5
CVSSv2
CVE-2021-24998
The Simple JWT Login WordPress plugin prior to 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be ...
Simple Jwt Login Project Simple Jwt Login
6.8
CVSSv2
CVE-2021-24804
The Simple JWT Login WordPress plugin prior to 3.2.1 does not have nonce checks when saving its settings, allowing malicious users to make a logged in admin changed them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which c...
Simple Jwt Login Project Simple Jwt Login
NA
CVE-2023-0544
The WP Login Box WordPress plugin up to and including 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Wp Login Box Project Wp Login Box
4.3
CVSSv2
CVE-2021-24536
The Custom Login Redirect WordPress plugin up to and including 1.0.0 does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue
Custom Login Redirect Project Custom Login Redirect
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »