Lucene search

11 matches found

NVD
added 6 days ago · 4 views

CVE-2018-25398

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

8.8 CVSS · 0.00068 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 6 days ago · 5 views

PT-2026-44876

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

8.8 CVSS · 6.1 AI score · 0.00068 EPSS
Exploits: 0 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-29647

Malicious code in bioql PyPI...

9.8 CVSS · 6.5 AI score · 0.028 EPSS
Exploits: 2 · References: 5
NVD
added 2025/09/16 8:15 p.m. · 2 views

CVE-2025-34184

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

9.8 CVSS · 0.028 EPSS
Exploits: 2 · References: 4
CVE
added 2025/09/16 7:40 p.m. · 19 views

CVE-2025-34184

CVE-2025-34184 affects Ilevia EVE X1 Server (≤4.7.18.0.eden). The vulnerability is an unauthenticated OS command injection in /ajax/php/login.php, allowing remote attackers to inject commands via the passwd POST parameter and potentially achieve full system compromise or DoS. Some sources also do...

9.8 CVSS · 7.9 AI score · 0.028 EPSS
Exploits: 2 · References: 4 · Affected Software: 1
Cvelist
added 2025/09/16 7:40 p.m. · 5 views

CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

9.3 CVSS · 0.028 EPSS
Exploits: 2 · References: 4
Positive Technologies
added 2025/09/16 12:0 a.m. · 3 views

PT-2025-38074

Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1 Server contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by...

9.3 CVSS · 7.6 AI score · 0.028 EPSS
Exploits: 2 · References: 9
Packet Storm
added 2025/07/31 12:0 a.m. · 96 views

Ilevia EVE X1 Server 4.7.18.0.eden Command Injection

Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the passwd HTTP POST parameter in the /ajax/php/login.php script. !/usr/bin/env python Ilevia EVE ...

8.7 AI score
Exploits: 0
Positive Technologies
added 2023/08/07 12:0 a.m. · 2 views

PT-2023-26689 · NetGear · Netgear R6300V2 +2

Name of the Vulnerable Software and Affected Versions: Netgear DC112A version 1.0.0.64 Netgear EX6200 version 1.0.3.94 Netgear R6300v2 version 1.0.4.8 Description: A buffer overflow issue was discovered via the http passwd parameter in password.cgi. This issue affects Netgear devices...

8.8 CVSS · 8.7 AI score · 0.29571 EPSS
Exploits: 0 · References: 4
seebug.org
added 2009/12/28 12:0 a.m. · 18 views

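phpGroupWare Multiple Input Validation Vulnerabilities

BUGTRAQ ID: 35761 CVE ID: CVE-2009-4414, CVE-2009-4415, CVE-2009-4416 phpGroupWare is a multi-user web component suite written in PHP that provides an API for developing other programs. Input validation errors exist in multiple phpGroupWare components; remote attackers can disclose sensitive information or carry out cross-site scripting or SQL injection attacks by submitting malicious requests. 1 Input passed to the csvfile parameter is not properly validated before being used in addressbook/csvimport.php, which may allow the contents of arbitrary files on the affected system to be read. 2...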

7.5 CVSS · 6.3 AI score · 0.00783 EPSS
Exploits: 1
NVD
added 2009/12/24 4:30 p.m. · 11 views

CVE-2009-4414

SQL injection vulnerability in phpgwapi/inc/class.authsql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php...

6.8 CVSS · 8.2 AI score · 0.00783 EPSS
Exploits: 1 · References: 8