104 matches found
CVE-2026-7766
Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server. The issue was fixed in version 2026-04-23 of the KG-5260xxxx-IL-G2 cameras. Rest of the produc...
PT-2026-43040
Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server. The issue was fixed in version 2026-04-23 of the KG-5260xxxx-IL-G2 cameras. Rest of the produc...
PT-2026-35088
Name of the Vulnerable Software and Affected Versions NSIS Nullsoft Scriptable Install System versions 3.06.1 through 3.11 Description When executing as SYSTEM, the software sometimes uses the Low Integrity Level Low IL temporary directory. This allows local attackers to gain elevated privileges ...
CVE-2019-25459
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...
CVE-2019-25459
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...
CVE-2019-25458
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...
CVE-2019-25459
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...
CVE-2019-25459 Web Ofisi Emlak V2 SQL Injection via emlak-ara.html
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...
CVE-2019-25459 Web Ofisi Emlak V2 SQL Injection via emlak-ara.html
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...
CVE-2019-25459
CVE-2019-25459 affects Web Ofisi Emlak V2. Multiple SQL injection vulnerabilities exist in the real estate site’s GET endpoint (notably emlak_durumu, emlak_tipi, il, ilce, kelime, semt) that allow unauthenticated attackers to manipulate database queries and potentially extract sensitive data or p...
CVE-2019-25458
CVE-2019-25458 affects Web Ofisi Firma Rehberi v1, where an SQL injection flaw allows unauthenticated users to manipulate database queries via GET parameters. Specifically, malicious payloads placed in the il, kat, or kelime parameters can extract sensitive data or enable time-based blind SQL inj...
CVE-2026-2236
C@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2235
C@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2236 HGiga|C&Cm@il - SQL Injection
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2235 HGiga|C&Cm@il - SQL Injection
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2235
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2234
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...
PT-2026-7077
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...
PT-2026-7079
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
HGiga C&Cm@il 访问控制错误漏洞
HGiga C&Cm@il is an email collaboration system developed by China’s HGiga Corporation. There is an access control vulnerability in HGiga C&Cm@il, which stems from the lack of authentication. This vulnerability could allow unverified remote attackers to read and modify the email content of any use...