14 matches found
CVE-2018-25398 The Open ISES Project 3.30A SQL Injection via main.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...
CVE-2026-48238
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobilemain.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter...
PT-2026-29061
Name of the Vulnerable Software and Affected Versions: Smoothwall Express versions prior to 3.1 Update 13. Description: Smoothwall Express is affected by a stored cross-site scripting issue in the /cgi-bin/vpnmain.cgi script. The issue stems from insufficient input validation of the VPN IP parameter...
CVE-2019-25398 IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi
IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPN_IP, DMTU, ccdname,...
CVE-2019-25398
IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script. The issue allows attackers to inject arbitrary JavaScript by submitting POST parameters such as VPN_IP, DMTU, ccdname, ccdsubnet, DOVPN_SUBNET, DHCP_DOMAIN, DHCP_DNS, DHCP_WINS, ROUTES_P...
IPFire Cross-Site Scripting Vulnerability
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 Core Update contains a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of VPN configuration...
KitHack
This is a collection of tools and scripts for the KitHack framework, a penetration testing tool. The repository includes a Python script, clean.sh, which is used to clean up the tools directory. The script checks if the user has root permissions and, if so, removes any tools that are not empty. T...
Linux Distros Unpatched Vulnerability : CVE-2007-4306
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2)...
CVE-2023-23019
Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function useradd....
datadog/dd-trace Circumvents open_basedir INI directive
datadog/dd-trace versions 0.30.0 prior to 0.30.2 are affected by a security and stability issue outlined in PR 579. This pull request ensures that the ddtrace.request_init_hook remains bound by the open_basedir INI directive, effectively addressing potential vulnerabilities related to open_basedir...
CVE-2022-37264
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...
R00Kie-Kr00Kie - PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability
Disclaimer: This is a PoC exploit for the CVE-2019-15126 kr00k vulnerability. This project is intended for educational purposes only and cannot be used for law violation or personal gain. The author of this project is not responsible for any possible harm caused by the materials. Requirements: To u...
CVE-2018-19312
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI...
CVE-2017-0378
XSS exists in the loginform function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php...