15 matches found
EUVD-2022-55985
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...
CVE-2020-10879
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped...
EUVD-2020-28780
Malware in sbrugna...
EUVD-2015-8584
Malware in sbrugna...
EUVD-2004-2315
Malware in sbrugna...
EUVD-2025-4264
Malicious code in bioql PyPI...
CVE-2022-25568
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
CVE-2020-23151
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped...
PT-2025-22136 · Zalo · Zalo
Name of the Vulnerable Software and Affected Versions: Zalo version 23.09.01 Description: The issue allows attackers to obtain sensitive user information via a crafted GET request. Recommendations: For Zalo version 23.09.01, at the moment, there is no information about a newer version that contai...
CVE-2025-45611
Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request...
The vulnerability of the commands.inc.php component of the rConfig configuration management tool for network devices stems from a lack of security measures in the SQL query structure. This allows attackers to execute arbitrary commands.
The vulnerability of the commands.inc.php component of the rConfig network device configuration management tool is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands via a specially crafted GET...
Clearswift MIMEsweeper for Web 4.05.0 - Directory Traversal
source: https://www.securityfocus.com/bid/10918/info Clearswift MIMEsweeper For Web is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. To carry out an attack an attacker may...
CVE-2003-1137
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...
CVE-2002-2237
tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a denial of service via a GET request with a DOS device name such as com1 or aux...
Orange Software Orange Web Server 2.1 - Denial of Service
source: https://www.securityfocus.com/bid/2432/info A remote user can cause a denial-of-service condition in Orange Software Orange Web Server. The attacker could submit a specially crafted GET request via a telnet connection to cause the server to crash. A restart of the server is required to ga...