17 matches found
EUVD-2006-3313
Malware in sbrugna...
CVE-2024-48766
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...
SQL injection
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...
CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...
CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...
CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...
CVE-2018-20323
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands...
BlackCat CMS 'logs.php' Arbitrary File Download Vulnerability
BlackCat CMS is a content management system based on PHP5 and HTML5. BlackCat CMS suffers from an input validation vulnerability that allows remote attackers to submit a special request to download arbitrary files...
BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability
Exploit Title: BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability Date: 2015/06/16 Vendor Homepage: http://blackcat-cms.org/ Software Link: http://blackcat-cms.org/temp/packetyzer/blackcatcms2fo3PXdKj1.zip Version: v1.1.1 Tested on: Centos 6.5,PHP 5.4.41 Category: webapps Description...
BlackCat CMS 1.1.1 - Arbitrary File Download
BlackCat CMS 1.1.1 - Arbitrary File Download Exploit Title: BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability Date: 2015/06/16 Vendor Homepage: http://blackcat-cms.org/ Software Link: http://blackcat-cms.org/temp/packetyzer/blackcatcms2fo3PXdKj1.zip Version: v1.1.1 Tested on: Centos 6.5,P...
BlackCat CMS 1.1.1 Arbitrary File Download Vulnerability
BlackCat CMS version 1.1.1 suffers from an arbitrary file download vulnerability. Exploit Title: BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability Date: 2015/06/16 Vendor Homepage: http://blackcat-cms.org/ Software Link: http://blackcat-cms.org/temp/packetyzer/blackcatcms2fo3PXdKj1.zip...
CVE-2014-5090
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel...
Code injection
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel...
CVE-2014-5089
Status2k Server Monitoring Software (Status2K) is affected by CVE-2014-5089 due to an SQL injection in admin/options/logs.php where the log parameter can be exploited by remote authenticated administrators to execute arbitrary SQL commands. This is supported by multiple sources (NVD entry CVE-201...
CVE-2014-5090
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel...
CVE-2006-6211
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php,...
CVE-2006-3316
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraiddir parameter to (1) logs.php and (2) users.php, a different set of vectors than CVE-2006-3116...