30 matches found
CVE-2025-70758
chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via `header("Location:login.php")` when a user is not authenticated but fails to call `exit` afterward. This allows remote...
PT-2026-5986
Name of the Vulnerable Software and Affected Versions: chetans9 core-php-admin-panel through commit a94a780d6. Description: The application does not call `exit` after sending an HTTP redirect via `header("Location:login.php")` when a user is not authenticated. This allows remote unauthenticated attackers to...
CVE-2025-70758
chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via `header("Location:login.php")` when a user is not authenticated but fails to call `exit` afterward. This allows remote...
EUVD-2008-5924
Malware in sbrugna...
EUVD-2006-5233
Malware in sbrugna...
EUVD-2008-5923
Malware in sbrugna...
Control iD iDSecure SQL Injection Vulnerability
Control iD iDSecure is an ID security program from Control iD. An SQL injection vulnerability exists in Control iD iDSecure version 23.3.19.0, which stems from a problem with the file /v2/customerdb/operator.svc/a, where manipulation of email can result in SQL injection...
Unspecified Vulnerability in Fortinet FortiPortal
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability in the customer database interface of Fortinet FortiPortal prior ...
CVE-2021-36181
A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...
Race condition
A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...
CVE-2021-36181
A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...
CVE-2021-36181
A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...
CVE-2017-11614
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilize...
KTP Computer Customer Database CMS 1.0 - Local File Inclusion Vulnerability
No description provided by source. KTPCCD Local File Inclusion Exploit (#!/usr/bin/perl -w). CWH Underground Hacking Team...
Point-of-Sale Terminals Compromised at 63 Barnes & Noble Locations
UPDATE – America’s largest book retailer, Barnes & Noble, announced this morning it has detected evidence of tampering in 63 PIN-pad devices used in as many stores by criminals trying to steal payment card information. Barnes & Noble claims to have disconnected all the affected devices from servi...
CVE-2008-5952
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI...
CVE-2008-5953
CVE-2008-5953 is a directory traversal vulnerability affecting the KTP Computer Customer Database (KTPCCD) CMS. When magic_quotes_gpc is disabled, a remote attacker can include and execute arbitrary local files by supplying a .. (dot dot) path in the p parameter of the default URI. This leads to ...
CVE-2008-5954
CVE-2008-5954 describes an SQL injection vulnerability in the KTP Computer Customer Database (KTPCCD) CMS. When magic_quotes_gpc is disabled, remote attackers can inject SQL via the lname parameter in a login action to an unspecified component, potentially compromising data. The available documen...
CVE-2008-5952
The CVE-2008-5952 entry describes an SQL injection in the KTP Computer Customer Database (KTPCCD) CMS. When magic_quotes_gpc is disabled, remote authenticated users can inject arbitrary SQL via the tid parameter in a vtech action to the default URI. Affected software: KTPCCD CMS (KTP Computer Cus...
KTP Computer Customer Database CMS Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications. KTP Computer Customer Database CMS Blind SQL Injection Vulnerability...