17 matches found
CVE-2026-7881 Concrete CMS 9.5.0 and below is vulnerable to IDOR in the Express Entry Detail block
Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...
EUVD-2006-7208
Malware in sbrugna...
EUVD-2005-4643
Malware in sbrugna...
EUVD-2006-6015
Malware in sbrugna...
CVE-2024-30625
Tenda FH1205 v2.0.0.7775 has a stack overflow vulnerability in the entrys parameter from fromAddressNat function...
CVE-2022-38947
SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in producttitle parameter, allows attackers to execute arbitrary code...
code-projects Hotel Management System security vulnerability
Code-Projects Hotel Management System is an open source hotel management system from Code-Projects. A security vulnerability exists in code-projects Hotel Management System version 1.0 due to a buffer overflow in the parameter adminentry...
CVE-2024-2344
The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Tenda AC500 buffer error vulnerability
Tenda AC500 is a gigabit port access controller from Tenda, China. Tenda AC500 is vulnerable to a buffer overflow, which stems from the entry and mitInterface parameters of the fromRouteStatic function failing to properly validate the length of user input data, which could be...
GHSA-V6GF-X8FP-532V Improper Neutralization of Input During Web Page Generation in Apache Solr
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI...
Apache Solr webapp/web/js/scripts/plugins.js cross-site scripting vulnerability
Apache Solr is an enterprise-ready, Lucene-based search server. A cross-site scripting vulnerability exists in webapp/web/js/scripts/plugins.js in the stats page of the Admin UI in Apache Solr versions prior to 5.3.1. A remote attacker can inject arbitrary web script or HTML via the entry paramete...
SQL injection
SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter...
CVE-2006-7076
Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection...
CVE-2006-7076
CVE-2006-7076 affects Advanced Guestbook 2.4 for phpBB, with a cross-site scripting flaw in guestbook.php that lets remote attackers inject arbitrary script or HTML via the entry parameter. The issue is identified as XSS and notes indicate it might originate from SQL injection. Documented impact ...
CVE-2006-6032
SPHPBlog (Simple PHP Blog) is affected by XSS in CVE-2006-6032. Concrete details from the connected data show vulnerable code paths in SPHPBlog where input is used without proper validation for two parameters: the action parameter in add_block.php and the entry parameter in index.php. The descrip...
SQL injection
Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php...
CVE-2004-1213
Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter...