30 matches found
EUVD-2019-9577
Malware in sbrugna...
EUVD-2022-42604
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-29657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code execution...
CVE-2025-48112 WordPress Dot html,php,xml etc pages plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0...
CVE-2023-29657
eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions...
eXtplorer Code Issue Vulnerability
eXtplorer is a PHP-based file manager. A security vulnerability exists in eXtplorer version 2.1.15, which stems from vulnerability to insecure privileges, where the file upload feature in the file manager allows the upload of zip files that contain php pages with arbitrary code execution...
CVE-2022-3187
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read...
CVE-2022-3187
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read...
PT-2022-20963 · Dataprobe · Dataprobe Iboot Pdu
Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 Description: The issue arises from certain PHP pages only validating when a valid connection is established with the database, but not verifying the validity of a user. This lack of...
Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks
Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion...
CVE-2020-12429
Online Course Registration 2.0 has multiple SQL injections that can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/checkavailability.php, admin/index.php, change-password.php, checkavailability.php, includes/header.php,...
CVE-2020-8966
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page...
Authorization
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other types of files, are reachable by any user without checking for user identity and authorization...
CVE-2019-19989
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other types of files, are reachable by any user without checking for user identity and authorization...
Symantec Web Gateway dbutils.php SQL Injection (CVE-2014-1651)
An SQL injection vulnerability exists in Symantec Web Gateway. The vulnerability is due to lack of proper sanitization of the "hostname" HTTP parameter passed to some PHP pages. A remote, authenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable...
DEBIAN-CVE-2014-4002
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drpaction parameter to cdef.php, (2) datainput.php, (3) dataqueries.php, (4) datasources.php, (5) datatemplates.php, (6) graphtemplates.php, (7) graphs.php, (8) host.php, or...
Invision Board 1.1.1 ipchat.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6976/info Invision Board is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote use...
CVE-2011-5145
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) seldomainid or (2) action parameter to obm.php; (3) tfuser parameter in a search action to group/groupindex.php; (4)...
Norasoft - SQL Injection Vulnerability
Exploit for php platform in category web applications. Title: Norasoft - SQL Injection Vulnerability Author :...
Vibrant Creations =>SQL Injection Vulnerability
Exploit for php platform in category web applications...