14 matches found

Github Security Blog
added 2026/02/06 6:23 p.m. | 15 views

OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service

Summary: Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...

CVSS 8.7 | AI score 6.1 | EPSS 0.00013
Exploits: 3 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/02/06 12:0 a.m. | 2 views

PT-2026-6773

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier

Description: OpenSTAManager contains a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application does not properly sanitize the term parameter before usin...

CVSS 8.7 | AI score 6.2 | EPSS 0.00013
Exploits: 3 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-18491

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01655
Exploits: 1 | References: 3
RedhatCVE
added 2025/05/22 8:55 a.m. | 7 views

CVE-2019-9106

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php...

CVSS 9.8 | AI score 7.2 | EPSS 0.01655
Exploits: 1 | References: 1
CNVD
added 2019/06/04 12:0 a.m. | 1 views

SAET Impianti Speciali TEBE Small WebApp Path Traversal Vulnerability

SAET Impianti Speciali TEBE Small is a physical access control system from the Italian company SAET. webApp is one of the web-based management programs. A path traversal vulnerability exists in WebApp version v04.68 in SAET Impianti Speciali TEBE Small 05.01 build 1137, which can be exploited by ...

CVSS 9.8 | AI score 6.7 | EPSS 0.01655
Exploits: 1 | References: 1
NVD
added 2019/05/31 10:29 p.m. | 8 views

CVE-2019-9106

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php...

CVSS 9.8 | AI score 9.3 | EPSS 0.01655
Exploits: 1 | References: 2
NVD
added 2019/05/31 10:29 p.m. | 11 views

CVE-2019-9105

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI&customurl=alladminusers...

CVSS 7.5 | AI score 7.7 | EPSS 0.00516
Exploits: 1 | References: 2
OSV
added 2019/05/31 10:29 p.m. | 1 views

CVE-2019-9105

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI&customurl=alladminusers...

CVSS 7.5 | AI score 7.2 | EPSS 0.00516
Exploits: 1 | References: 2
Prion
added 2019/05/31 10:29 p.m. | 7 views

Authentication flaw

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI&customurl=alladminusers...

CVSS 5 | AI score 7.7 | EPSS 0.00516
Exploits: 1 | References: 2 | Affected Software: 2
CVE
added 2019/05/31 9:22 p.m. | 255 views

CVE-2019-9106

The CVE-2019-9106 vulnerability affects WebApp v04.68 in the SAET Impianti Speciali TEBE Small 05.01 build 1137 supervisor. It enables remote attackers to execute or include local PHP files, demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. Root cause i...

CVSS 9.8 | AI score 9.1 | EPSS 0.01655
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2019/05/31 9:22 p.m. | 10 views

CVE-2019-9106

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php...

AI score 9.3 | EPSS 0.01655
Exploits: 1 | References: 2
CVE
added 2019/05/31 9:21 p.m. | 252 views

CVE-2019-9105

The CVE-2019-9105 entry concerns WebApp v04.68 on SAET Impianti Speciali TEBE Small 05.01 build 1137 shown as vulnerable to unauthenticated API calls, demonstrated by returning password hashes via inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers. Connected documents corroborate an a...

CVSS 7.5 | AI score 7.6 | EPSS 0.00516
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2019/05/31 9:21 p.m. | 12 views

CVE-2019-9105

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI&customurl=alladminusers...

AI score 7.7 | EPSS 0.00516
Exploits: 1 | References: 2
Openbugbounty
added 2017/12/12 2:35 p.m. | 10 views

catasto-impianti-termici.regione.veneto.it XSS vulnerability

Vulnerable URL: https://catasto-impianti-termici.regione.veneto.it/login.php?msg=%27%22%3E%3Csvg/onload=confirm/OPENBUGBOUNTY/%3E

Details:
Patched: Yes, at
Vulnerability type: XSS
Vulnerability status: Publicly disclosed
Alexa Rank: Unknown / Not calculated
VIP websi...

AI score 6.3
Exploits: 0