
51 matches found

UbuntuCve
added 2026/03/24 7:16 p.m. · 2 views

CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

7.7 CVSS · 5.9 AI score · 0.00248 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/03/20 12:0 a.m. · 4 views

PT-2026-26559

A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin edit menu action.php. Such manipulation of the argument product name leads to sql injection. The attack may be performed from...

5.8 CVSS · 5.8 AI score · 0.00327 EPSS
Exploits 1 · References 6
Cvelist
added 2026/03/12 3:37 p.m. · 28 views

CVE-2019-25535 Netartmedia PHP Dating Site SQL Injection via loginaction.php

Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field ...

8.8 CVSS · 0.00254 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/12/10 9:16 p.m. · 4 views

CVE-2023-53773

MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tvaction.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tvaction.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg...

8.7 CVSS · 6.9 AI score · 0.00472 EPSS
Exploits 1 · References 1
Cvelist
added 2025/12/09 8:55 p.m. · 22 views

CVE-2023-53773 MiniDVBLinux 5.4 Unauthenticated Live Stream Disclosure via tv_action.sh

MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tvaction.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tvaction.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg...

8.7 CVSS · 0.00472 EPSS
Exploits 1 · References 4
CVE
added 2025/12/09 8:55 p.m. · 9 views

CVE-2023-53773

MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that lets remote attackers trigger the Simple VDR Protocol to generate a live TV screenshot stored at /var/www/images/tv.jpg via the /tpl/tv_action.sh endpoint without authentication. This affects the component ...

8.7 CVSS · 6.5 AI score · 0.00472 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2025/12/09 12:0 a.m. · 5 views

PT-2025-50270

Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4 Description The software contains an unauthenticated issue in the tv action.sh script. This allows remote attackers to generate live stream snapshots using the Simple VDR Protocol. Attackers can request the /tpl/tv...

8.7 CVSS · 6.7 AI score · 0.00472 EPSS
Exploits 1 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-6656

Malware in sbrugna...

7.8 CVSS · 7.7 AI score · 0.00415 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2015-2464

Malware in sbrugna...

6.9 CVSS · 6.2 AI score · 0.01652 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-12241

Malware in sbrugna...

6.5 CVSS · 6.7 AI score · 0.03748 EPSS
Exploits 0 · References 7
OSV
added 2024/05/03 3:15 a.m. · 3 views

CVE-2023-44414

D-Link D-View coreserviceactionscript Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw...

9.8 CVSS · 6.3 AI score · 0.02353 EPSS
Exploits 0 · References 1
NVD
added 2024/05/03 3:15 a.m. · 13 views

CVE-2023-44414

D-Link D-View coreserviceactionscript Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw...

9.8 CVSS · 9.9 AI score · 0.02353 EPSS
Exploits 0 · References 1
CNNVD
added 2024/05/03 12:0 a.m. · 2 views

D-Link D-View security vulnerability

D-Link D-View is a web-based design network device management software from D-Link. A security vulnerability exists in D-Link D-View that originates from a remote code execution vulnerability in the coreserviceactionscript exposed dangerous function...

9.8 CVSS · 9.8 AI score · 0.02353 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/12/20 12:0 a.m. · 4 views

PT-2023-30852 · Unknown · Projectworld Online Voting System

Name of the Vulnerable Software and Affected Versions: Online Voting System Project version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The username parameter of the "reg action.php" resource does not validate the characters received and they are se...

9.8 CVSS · 9.7 AI score · 0.00666 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/10/04 12:0 a.m. · 3 views

PT-2023-6106 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: The vulnerability resides within the coreservice action script action of the D-Link D-View platform. It involves the exposure of a dangerous function, allowing remote attackers to...

10 CVSS · 7.9 AI score · 0.02353 EPSS
Exploits 0 · References 11
NCSC
added 2022/12/08 12:0 a.m. · 3 views

Vulnerability fixed in Cacti

Vulnerabilities have been fixed in Cacti. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. An unauthenticated malicious party can gain access to the remoteagent.php file. By bypassing the authentication of this file...

9.8 CVSS · 7.8 AI score · 0.99826 EPSS
Exploits 48
ATTACKERKB
added 2022/06/24 2:15 a.m. · 2 views

CVE-2022-32392

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manageaction.php:4...

8.8 CVSS · 5.8 AI score · 0.01171 EPSS
Exploits 1 · References 3
OSV
added 2022/06/02 2:15 p.m. · 3 views

CVE-2021-44098

EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expenseaction.php. This allows a remote attacker to compromise Application SQL database...

9.8 CVSS · 5.9 AI score · 0.01378 EPSS
Exploits 1 · References 2
BDU FSTEC
added 2017/08/08 12:0 a.m. · 4 views

The vulnerability of the data model created using Action Script 3 and the Flash Player software allows a perpetrator to execute arbitrary code.

The vulnerability of the data model created using Action Script 3, on the Flash Player software platform, arises from the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code memory corruption remotely...

10 CVSS · 8.5 AI score · 0.08552 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2017/07/17 1:18 p.m. · 1 views

CVE-2017-3099

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution...

8.8 CVSS · 6 AI score · 0.08552 EPSS
Exploits 0 · References 5