CVE-2022-50794 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system...

EUVD-2025-198427

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

Directory Traversal

dovecot is vulnerable to authorization bypass. A remote, authenticated user can bypass intended access restrictions or conduct a directory traversal attack by leveraging login scripts...

CVE-2017-1000474

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manageemployee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Store...

[WATOBO 0.9.13] THE Web Application Toolbox

WATOBO is intended to enable security professionals to perform highly efficient semi-automated web application security audits. WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite. Additionally, WATOBO supports passive and active checks. Passive checks are more like filter...