5 matches found
UBUNTU-CVE-2024-51144
Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=addmessage', 'pvmsg.php?action=confirmdelete', and 'ajax.server.php?page=user&action=flipfollow' endpoints in Ampache = 6.6.0...
CVE-2019-5112
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...
CVE-2019-5111
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...
NextBBS 0.6 - ajaxserver.php Multiple SQL Injections
Source: https://www.securityfocus.com/bid/52728/info
NextBBS is prone to multiple SQL-injection vulnerabilities, a cross-site scripting vulnerability, and an authentication-bypass vulnerability. Exploiting these vulnerabilities could allow an...