128 matches found
EUVD-2026-19054
A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler. Such manipulation of the argument Name leads to SQL injection. The attack can be launched...
CVE-2026-5553
A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler. Such manipulation of the argument Name leads to SQL injection. The attack can be launched...
CVE-2026-5553 itsourcecode Online Cellphone System Parameter available.php SQL injection
A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler. Such manipulation of the argument Name leads to SQL injection. The attack can be launched...
EUVD-2026-8849
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2677
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2677
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2677 Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2020-37077 Booked Scheduler 2.7.7 - Authenticated Directory Traversal
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manageemailtemplates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...
itsourcecode Student Management System SQL Injection Vulnerability
itsourcecode Student Management System is an open source student management system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Student Management System, which originates from a misuse of the parameter Name in the file /newadviser.php, which could lead t...
Seafile Cross-Site Scripting Vulnerability
Seafile is an open source enterprise cloud disk from China Haiwen Huzhi Network Technology Seafile. The product has Markdown WYSIWYG editing, Wiki, file labeling and other features. A cross-site scripting vulnerability exists in Seafile version v12.0.10, which stems from the unfiltered PUT...
CVE-2025-34312
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BENAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST ...
XSSy.uk-Solve-lab-Notes
XSS Lab Solutions Source: https://xssy.uk/allLabs --- No...
EUVD-2018-17484
Malware in sbrugna...
EUVD-2017-9164
Malware in sbrugna...
EUVD-2014-3746
Malware in sbrugna...
Beauty Parlour Management System edit-services.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in t...
O2OA Security Vulnerability
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from incorrect manipulation of the parameter name/alias/description/applicationName in the file...
SolidInvoice Code Injection Vulnerability
SolidInvoice is an invoice solution application from SolidInvoice open source. A code injection vulnerability exists in SolidInvoice version 2.4.0 and earlier, which stems from the incorrect manipulation of the parameter Name by file/quotes in the component Quote Module, resulting in a cross-site...
SolidInvoice Code Injection Vulnerability
SolidInvoice is an invoice solution application from SolidInvoice open source. A code injection vulnerability exists in SolidInvoice version 2.4.0 and earlier, which stems from the incorrect manipulation of the parameter Name by file/clients in the component Clients Module, leading to a cross-sit...
CVE-2025-8967 itsourcecode Online Tour and Travel Management System packages.php SQL injection
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to SQL injection. It is possible to launch the attack remotely. The exploit has bee...