Lucene search
K

87 matches found

NVD
NVD
added 2025/07/11 3:15 p.m.9 views

CVE-2023-38329

An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected XSS vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...

6.1CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/11 12:0 a.m.10 views

CVE-2023-38329

An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected XSS vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...

0.00238EPSS
Exploits0References1
CVE
CVE
added 2025/07/11 12:0 a.m.24 views

CVE-2023-38329

The CVE-2023-38329 issue affects eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php where the 'user' parameter is reflected without sanitization. An unauthenticated remote attacker can inject arbitrary web script or HTML, with the docume...

6.1CVSS6AI score0.00238EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.9 views

CVE-2023-27394

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...

9.8CVSS8.2AI score0.18202EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:47 a.m.8 views

CVE-2022-39822

In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation...

8.8CVSS8AI score0.00618EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 a.m.5 views

CVE-2019-15503

cgi-cpn/xcoding/prontusvideocut.cgi in AltaVoz Prontus aka ProntusCMS through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter...

10CVSS7.5AI score0.02438EPSS
Exploits0References1
CVE
CVE
added 2025/04/15 3:0 a.m.47 views

CVE-2025-3612

CVE-2025-3612 affects Demtec Graphytics 5.0.7. The issue resides in an unknown part of the file /visualization within the HTTP GET Parameter Handler component, where input manipulation enables cross-site scripting. Exploitation is possible remotely and publicized, with the vendor not responding t...

5.3CVSS4.3AI score0.00385EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.5 views

PT-2025-16285 · Demtec · Demtec Graphytics

Name of the Vulnerable Software and Affected Versions: Demtec Graphytics version 5.0.7 Description: A vulnerability was found in Demtec Graphytics, affecting an unknown part of the file/visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross-site scripting. It i...

5.3CVSS4.2AI score0.00385EPSS
Exploits0References8
NVD
NVD
added 2025/04/01 9:15 p.m.21 views

CVE-2025-29033

An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter...

7.3CVSS0.00524EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/01 12:0 a.m.28 views

CVE-2025-29033

An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter...

0.00524EPSS
Exploits0References1
CVE
CVE
added 2025/04/01 12:0 a.m.49 views

CVE-2025-29033

The CVE-2025-29033 issue affects BambooHR Build 25.0210.170831-83b08dd, where a remote attacker can escalate privileges through the GET parameter r of /saml/index.php. Descriptions across multiple feeds confirm the vulnerability path but do not supply an official patched version or vendor-issued ...

7.3CVSS7.4AI score0.00524EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/19 12:23 a.m.15 views

CVE-2025-2353

A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registryid/planeicao leads to sql injection. It is...

7.5CVSS7.4AI score0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/16 11:31 p.m.7 views

CVE-2025-2353 VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection

A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registryid/planeicao leads to sql injection. It is...

7.5CVSS7.5AI score0.0035EPSS
Exploits0References3
CVE
CVE
added 2025/03/16 11:31 p.m.125 views

CVE-2025-2353

CVE-2025-2353 affects VAM Virtual Airlines Manager (up to 2.6.2). The root cause is SQL injection in an HTTP GET parameter handler in the /vam/index.php file, via the arguments ID/registry_id/plane_icao. This permits remote exploitation and can lead to unauthorized database access or manipulation...

7.5CVSS7.5AI score0.0035EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/16 11:31 p.m.30 views

CVE-2025-2353 VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection

A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registryid/planeicao leads to sql injection. It is...

7.5CVSS0.0035EPSS
Exploits0References3
NVD
NVD
added 2024/12/10 8:15 a.m.26 views

CVE-2024-28138

An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msgevents.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized...

7.3CVSS0.00901EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/10 7:35 a.m.38 views

CVE-2024-28138 OS Command Injection

An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msgevents.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized...

0.00901EPSS
Exploits0References2
NVD
NVD
added 2023/03/28 9:15 p.m.36 views

CVE-2023-27394

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...

9.8CVSS10AI score0.18202EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/03/28 8:5 p.m.10 views

CVE-2023-27394 CVE-2023-27394

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...

9.8CVSS10AI score0.18202EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/03/28 8:5 p.m.43 views

CVE-2023-27394 CVE-2023-27394

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...

9.8CVSS10AI score0.18202EPSS
Exploits1References1
Rows per page
Query Builder