87 matches found
CVE-2023-38329
An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected XSS vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...
CVE-2023-38329
An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected XSS vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...
CVE-2023-38329
The CVE-2023-38329 issue affects eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php where the 'user' parameter is reflected without sanitization. An unauthenticated remote attacker can inject arbitrary web script or HTML, with the docume...
CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...
CVE-2022-39822
In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation...
CVE-2019-15503
cgi-cpn/xcoding/prontusvideocut.cgi in AltaVoz Prontus aka ProntusCMS through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter...
CVE-2025-3612
CVE-2025-3612 affects Demtec Graphytics 5.0.7. The issue resides in an unknown part of the file /visualization within the HTTP GET Parameter Handler component, where input manipulation enables cross-site scripting. Exploitation is possible remotely and publicized, with the vendor not responding t...
PT-2025-16285 · Demtec · Demtec Graphytics
Name of the Vulnerable Software and Affected Versions: Demtec Graphytics version 5.0.7 Description: A vulnerability was found in Demtec Graphytics, affecting an unknown part of the file/visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross-site scripting. It i...
CVE-2025-29033
An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter...
CVE-2025-29033
An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter...
CVE-2025-29033
The CVE-2025-29033 issue affects BambooHR Build 25.0210.170831-83b08dd, where a remote attacker can escalate privileges through the GET parameter r of /saml/index.php. Descriptions across multiple feeds confirm the vulnerability path but do not supply an official patched version or vendor-issued ...
CVE-2025-2353
A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registryid/planeicao leads to sql injection. It is...
CVE-2025-2353 VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection
A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registryid/planeicao leads to sql injection. It is...
CVE-2025-2353
CVE-2025-2353 affects VAM Virtual Airlines Manager (up to 2.6.2). The root cause is SQL injection in an HTTP GET parameter handler in the /vam/index.php file, via the arguments ID/registry_id/plane_icao. This permits remote exploitation and can lead to unauthorized database access or manipulation...
CVE-2025-2353 VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection
A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registryid/planeicao leads to sql injection. It is...
CVE-2024-28138
An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msgevents.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized...
CVE-2024-28138 OS Command Injection
An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msgevents.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized...
CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...
CVE-2023-27394 CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...
CVE-2023-27394 CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...