13 matches found
curl: FTP entrypath accepts 0xFF (Telnet IAC) through incomplete ISCNTRL filter, sent on wire via CWD on connection reuse
Summary: A malicious FTP server can embed byte 0xFF (Telnet IAC) in the PWD response path. The ISCNTRL filter at lib/ftp.c:3095 expands to ISLOWCNTRL(x) || IS7F(x), which is (unsigned char)x entrypath (line 3131) and sent verbatim via CWD %s on connection reuse (line 849). I understand the KNOWNRISK.md and...
PT-2026-6899
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X version 250416 Description: A flaw exists in D-Link DIR-823X version 250416 that allows remote attackers to execute operating system commands. This occurs due to a command injection in an unknown function within the /goform/set...
CVE-2025-63452
CVE-2025-63452 affects Car-Booking-System-PHP v1.0 and is due to a SQL Injection in the /carlux/forgot-pass.php endpoint. The vulnerability stems from insufficient input validation on user-supplied data used in SQL queries, as indicated by multiple sources. The CVSSv3.1 base score is 9.4 (CRITICA...
PT-2025-39811
Name of the Vulnerable Software and Affected Versions: Ruijie NBR2100G-E versions up to 20250919 Description: A security flaw exists in Ruijie NBR2100G-E. The issue is related to OS command injection. This occurs through manipulation of the city argument in the listAction function within the file...
CVE-2025-11045
A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...
CVE-2025-9004 mtons mblog password excessive authentication
A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. T...
Car Washing Management System Session Hijacking Vulnerability
Car Washing Management System is a car wash management system. Car Washing Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /doctor/change-password.php. No details of the vulnerability are provided at this time...
Bank Locker Management System Session Hijacking Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /banker/change-password.php. No detailed information about the vulnerability is available at this time...
CVE-2025-50491
Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack...
CVE-2025-45947
An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component...
PT-2024-38369 · Unknown · Oswapp Warehouse Inventory System
Name of the Vulnerable Software and Affected Versions: OSWAPP Warehouse Inventory System versions 1.0 through 2.0 Description: A vulnerability was found in the OSWAPP Warehouse Inventory System, affecting an unknown functionality of the file /change password.php. This issue leads to cross-site...
answer Security Vulnerability
answer is an open source knowledge-based community software. Versions of answer prior to 1.0.6 have an authorization vulnerability. The vulnerability stems from improper permission management in the request that sets a new password at /answer/admin/api/user/password; a low-privilege attacke...
socialsite-sql.txt
Application Name : Social Site Generator DeMo : www.ssgdemo.com Vulnerable Type : SQL InJeCtiOn Dork : NOT YET author : DeAr Ev!L Team : DeLtA MoRoCcAn tEaM Greatz : ALLAH : Genie & Roy5 & Mister-x : & InjEctOr5 Te4M & H-T Team & Djekmani & Str0k and all muslims Hackers ADMIN :...