18 matches found
WebADM 2.4.17-1 Password Hash Disclosure
WebADM version 2.4.17-1 contains an authenticated information disclosure vulnerability in the LDAP search functionality. The display parameter in search.php accepts any LDAP attribute without server-side validation. A low-privileged admin can retrieve SSHA password hashes for all LDAP users...
SQL Injection
devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the display parameter in API requests, which allows an attacker to execute arbitrary SQL queries and compromise the database...
SQL Injection
devcode-it/openstamanager is vulnerable to a SQL Injection. The vulnerability is due to improper validation of the display parameter in the API, which allows an attacker to inject and execute arbitrary SQL queries to access, modify, or delete database data...
GHSA-2JM2-2P35-RP3J OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter
Summary: An authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full...
EUVD-2025-198178
OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter...
OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter
Summary: An authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full...
SQL Injection
Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the display parameter in API requests. An attacker can execute arbitrary SQL commands by supplying crafted input to t...
CVE-2025-65103 OpenSTAManager has an authenticated SQL Injection vulnerability in API via 'display' parameter
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in ...
EUVD-1999-0759
Malware in sbrugna...
CVE-2024-56144
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (replace $DEVICEID with your specific $DEVICEID value): /device/$DEVICEID/edit - param: display. Librenms versions up to 24.11.0 allow remote attackers to inject...
Cross-site Scripting (XSS)
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the display parameter in the device editing interface. PoC " This is triggered by hoveri...
PT-2025-3197 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: Librenms versions up to 24.11.0. Description: The issue concerns a stored XSS vulnerability in the parameters of the /device/$DEVICEID/edit endpoint, specifically the display parameter. This allows remote attackers to inject malicious scripts...
SUSE CVE-2024-40924
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Make DPT object unshrinkable. In some scenarios, the DPT object gets shrunk but the actual framebuffer did not and thus it's still there on the DPT's vm->bound_list. Then it tries to rewrite the PTEs via a stale CPU...
UBUNTU-CVE-2021-3638
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QE...
Freepbx 13.0.35 SQL Injection
Vulnerable software : Freepbx Tested version : 13.0.35 vendor : freepbx.org Author : i-Hmx Email : [email protected] Home : sec4ever.com Freepbx suffers from an unauthenticated SQL injection flaw due to insufficient sanitization of the "display" parameter File : admin/libraries/DB.class.php public functi...
CVE-2012-5244
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to...
SQL Injection
SQL injection vulnerability in ogpshow.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter...