1746 matches found

Vulnrichment
added 2025/08/01 8:46 p.m. · 3 views

CVE-2013-10063 Netgear SPH200D <= 1.0.4.80 Path Traversal via HTTP GET

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive...

6.9 CVSS · 6.5 AI score · 0.76179 EPSS
Exploits: 0 · References: 4

Cvelist
added 2025/08/01 8:46 p.m. · 6 views

CVE-2013-10063 Netgear SPH200D <= 1.0.4.80 Path Traversal via HTTP GET

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive...

6.9 CVSS · 0.76179 EPSS
Exploits: 0 · References: 4

CVE
added 2025/08/01 8:46 p.m. · 13 views

CVE-2013-10063

The Netgear SPH200D embedded web server is vulnerable to path traversal in firmware versions ≤ 1.0.4.80. Authenticated attackers can craft HTTP GET requests to access files outside the web root, exposing sensitive system files and configuration data. Affected: Netgear SPH200D (firmware

6.9 CVSS · 7.2 AI score · 0.76179 EPSS
Exploits: 0 · References: 4

Cvelist
added 2025/08/01 8:41 p.m. · 8 views

CVE-2013-10051 InstantCMS <= 1.6 Remote PHP Code Execution

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...

9.3 CVSS · 0.84141 EPSS
Exploits: 1 · References: 4

CVE
added 2025/08/01 8:41 p.m. · 18 views

CVE-2013-10051

InstantCMS

9.8 CVSS · 7.8 AI score · 0.84141 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2025/08/01 8:41 p.m. · 4 views

CVE-2013-10051 InstantCMS <= 1.6 Remote PHP Code Execution

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...

9.3 CVSS · 7 AI score · 0.84141 EPSS
Exploits: 1 · References: 4

OSV
added 2025/07/29 8:15 p.m. · 4 views

CVE-2025-45346

SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request...

8.1 CVSS · 9 AI score
Exploits: 0 · References: 2

CVE
added 2025/07/29 12:0 a.m. · 32 views

CVE-2025-45346

CVE-2025-45346 affects Bacula-web prior to version 9.7.1. The vulnerability is an SQL Injection that can be triggered remotely via a crafted HTTP GET request, potentially allowing arbitrary code execution on affected systems. Public materials in connected documents confirm the issue and point to ...

8.1 CVSS · 9 AI score · 0.00523 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

RedhatCVE
added 2025/07/20 7:0 p.m. · 9 views

CVE-2025-7800

A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting...

5.1 CVSS · 3.9 AI score · 0.00116 EPSS
Exploits: 0 · References: 1

NVD
added 2025/07/18 7:15 p.m. · 3 views

CVE-2025-7800

A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting...

5.1 CVSS · 0.00116 EPSS
Exploits: 0 · References: 3

Cvelist
added 2025/07/18 6:32 p.m. · 8 views

CVE-2025-7800 cgpandey hotelmis HTTP GET Request admin.php cross site scripting

A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting...

5.1 CVSS · 0.00116 EPSS
Exploits: 0 · References: 3

CVE
added 2025/07/18 6:32 p.m. · 11 views

CVE-2025-7800

CVE-2025-7800 affects cgpandey hotelmis (admin.php) with a vulnerability in the HTTP GET Request Handler: manipulation of the Search parameter enables cross-site scripting. The issue is exploitable remotely and is tied to versions prior to c572198e6c4780fccc63b1d3e8f3f72f825fc94e6. PT-Security no...

5.1 CVSS · 3.9 AI score · 0.00116 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/16 12:0 a.m. · 2 views

PT-2025-29888 · Unknown · Rips Scanner

Name of the Vulnerable Software and Affected Versions: RIPS Scanner version 0.54
Description: A path traversal vulnerability exists that allows remote attackers to read arbitrary files on the system with the privileges of the web server. This is achieved by sending crafted HTTP GET requests to th...

8.7 CVSS · 6.5 AI score · 0.84674 EPSS
Exploits: 0 · References: 10

Vulnrichment
added 2025/07/15 1:2 p.m. · 2 views

CVE-2025-34105 DiskBoss Enterprise Stack-Based Buffer Overflow RCE

A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote...

10 CVSS · 8.6 AI score · 0.66554 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2025/07/15 12:0 a.m. · 1 views

PT-2025-29547 · Unknown · Diskboss Enterprise

Name of the Vulnerable Software and Affected Versions: DiskBoss Enterprise versions 7.4.28; DiskBoss Enterprise versions 7.5.12; DiskBoss Enterprise versions 8.2.14
Description: A stack-based buffer overflow exists in the built-in web interface. The issue stems from improper bounds checking on the...

10 CVSS · 7.5 AI score · 0.66554 EPSS
Exploits: 0 · References: 8

NVD
added 2025/07/11 3:15 p.m. · 5 views

CVE-2023-38329

An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected XSS vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...

6.1 CVSS · 0.00127 EPSS
Exploits: 0 · References: 1

CVE
added 2025/07/11 12:0 a.m. · 19 views

CVE-2023-38329

The CVE-2023-38329 issue affects eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php where the 'user' parameter is reflected without sanitization. An unauthenticated remote attacker can inject arbitrary web script or HTML, with the docume...

6.1 CVSS · 6 AI score · 0.00127 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/07/11 12:0 a.m. · 7 views

CVE-2023-38329

An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected XSS vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...

0.00127 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/09 5:3 p.m. · 3 views

CVE-2025-53531

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142...

8.7 CVSS · 6.2 AI score · 0.00435 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/07/09 5:3 p.m. · 4 views

CVE-2025-53530

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confirmed that the server processes URLs up to...

8.7 CVSS · 6.2 AI score · 0.00435 EPSS
Exploits: 1 · References: 1