6 matches found
EUVD-2025-27464
Malicious code in bioql PyPI...
CVE-2025-34175
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...
CVE-2025-34175
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...
PT-2025-36942
Name of the Vulnerable Software and Affected Versions: pfSense CE (affected versions not specified). Description: The value of the filehash parameter in /usr/local/www/suricata/suricata_filecheck.php is displayed without proper sanitization for HTML-related characters and strings. This can lead to...
CVE-2007-1135
Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php...
PHPKIT 1.6.1R2 - 'filecheck' Remote Command Execution
works with allow_url_fopen = On; usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "All men can see the tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." also if magic_quotes_gpc = Off, you can view any file on target system by null...