Lucene search

16 matches found

RedhatCVE
added 2026/06/05 7:46 p.m. · 7 views

CVE-2026-42471

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...

CVSS 8.1 · AI score 5.5 · EPSS 0.01247
Exploits: 2 · References: 1
CNNVD
added 2026/05/01 12:0 a.m. · 7 views

Mix PHP code issue vulnerability

Mix PHP is an open-source PHP command-line-mode development framework that supports seamless multi-server ecosystem switching. A code issue vulnerability exists in Mix PHP versions 2.x through 2.2.17, which stems from a call to unserialize in Connection.php to process server response data,...

CVSS 8.1 · AI score 6.4 · EPSS 0.01247
Exploits: 2 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2016-0793

Malware in sbrugna...

CVSS 8.1 · AI score 8.2 · EPSS 0.2037
Exploits: 3 · References: 39
CNNVD
added 2025/10/02 12:0 a.m. · 4 views

AndSoft e-TMS SQL injection vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the SessionID cookie parameter in file /inc/connect/CONNECTION.ASP. An attacker can us...

CVSS 9.8 · AI score 7.9 · EPSS 0.00321
Exploits: 0 · References: 1
OSV
added 2025/04/04 9:15 p.m. · 2 views

CVE-2025-3268

A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/httpconn.cpp. The manipulation of the argument murlreal leads to improper authentication. The attack can be initiated remotely. The exploit has...

CVSS 9.8 · AI score 5.5 · EPSS 0.0066
Exploits: 0 · References: 4
Positive Technologies
added 2025/04/04 12:0 a.m. · 2 views

PT-2025-15042 · Unknown · Qinguoyi Tinywebserver

Name of the Vulnerable Software and Affected Versions: qinguoyi TinyWebServer version 1.0. Description: A critical issue has been found in the software, affecting some unknown functionality of the file /http/http conn.cpp. The manipulation of the name and password arguments leads to a stack-based...

CVSS 9.8 · AI score 7.5 · EPSS 0.00625
Exploits: 1 · References: 12
CVE
added 2025/03/13 4:44 p.m. · 72 views

CVE-2025-27103

Summary (CVE-2025-27103) DataEase (open source BI tool) prior to v2.10.6 is affected by a bypass of the patch for CVE-2024-55953 that allows authenticated users to read and deserialize arbitrary files via the background JDBC connection. The issue arises from the unfiltered JDBC connection string ...

CVSS 8.6 · AI score 6.3 · EPSS 0.00424
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2024/12/18 6:49 p.m. · 48 views

CVE-2024-55953

DataEase is an open-source business analytics tool. CVE-2024-55953 affects the JDBC credential/connection handling: authenticated users can read and deserialize arbitrary files via the background JDBC connection because connection-string parameters are not filtered. Root cause: unfiltered paramet...

CVSS 8.6 · AI score 6.5 · EPSS 0.01032
Exploits: 1 · References: 2 · Affected Software: 1
SUSE CVE
added 2023/02/15 5:28 a.m. · 1 views

SUSE CVE-2014-3637

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-Bus message containing a D-Bus connection file descriptor...

CVSS 2.1 · AI score 6.5 · EPSS 0.00447
Exploits: 0 · References: 3
Cvelist
added 2021/02/04 7:36 p.m. · 16 views

CVE-2021-25230

An improper access control vulnerability in Trend Micro Apex One on-prem and SaaS and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file...

AI score 5.4 · EPSS 0.02083
Exploits: 0 · References: 3
Positive Technologies
added 2019/02/13 12:0 a.m. · 2 views

PT-2019-18157 · Aveva · Intouch Edge Hmi +1

Name of the Vulnerable Software and Affected Versions: AVEVA Software, LLC InduSoft Web Studio versions prior to 8.1 SP3; AVEVA Software, LLC InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 Update. Description: An issue exists where an unauthenticated remote user could...

CVSS 7.5 · AI score 8 · EPSS 0.13858
Exploits: 5 · References: 4
OSV
added 2016/01/14 10:59 p.m. · 7 views

CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service heap-based...

CVSS 8.1 · AI score 8.6
Exploits: 0 · References: 31
Prion
added 2016/01/14 10:59 p.m. · 144 views

Heap overflow

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service heap-based...

CVSS 4.6 · AI score 7.9 · EPSS 0.2037
Exploits: 3 · References: 31 · Affected Software: 6
Prion
added 2014/09/22 3:55 p.m. · 15 views

Design/Logic Flaw

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-Bus message containing a D-Bus connection file descriptor...

CVSS 2.1 · AI score 6.5 · EPSS 0.00447
Exploits: 0 · References: 11 · Affected Software: 2
exploitpack
added 2011/10/31 12:0 a.m. · 36 views

Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Buffer Overflow (PoC)

Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Buffer Overflow PoC g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception ha...

AI score 0.6
Exploits: 0
myhack58
added 2010/06/12 12:0 a.m. · 64 views

Easy room search system type injection exploit-vulnerability warning-the black bar safety net

This system is a housing transactions, rental of the system. Vulnerability file: searchsell. asp; the searchhire. asp; the searchbuy. asp conn. asp Keyword inurl: efwmanager; the inurl: the searchhire. asp; and inurl: in subhack. asp? This keyword is a bit much By Macromedia Dreamweaver the searc...

AI score 8.5
Exploits: 0