19 matches found
CVE-2026-7063
The CVE-2026-7063 entry concerns code-projects Employee Management System 1.0, specifically the Endpoint component’s file /370project/process/eprocess.php. The vulnerability arises from manipulating the pwd argument, leading to SQL injection. Exploitation is described as remote and the exploit is...
EUVD-2026-25733
A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...
EUVD-2006-0838
Malware in sbrugna...
EUVD-2012-6171
Malware in sbrugna...
EUVD-2024-22551
Malicious code in bioql PyPI...
Linksys多款产品 命令注入漏洞
Linksys RE6300 and others are products of Linksys, Inc.Linksys RE6300 is a wireless network signal extender.Linksys RE6250 is a wireless extender.Linksys RE6500 is a wireless extender. A command injection vulnerability exists in several Linksys products, which stems from incorrect operation of th...
CVE-2024-25215
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php...
PT-2024-20825 · Unknown · Employee Management System
Name of the Vulnerable Software and Affected Versions: Employee Managment System version 1.0 Description: A SQL injection vulnerability was discovered in Employee Managment System via the pwd parameter at the "/aprocess.php" API endpoint. Recommendations: For Employee Managment System version 1.0...
CVE-2024-25215
CVE-2024-25215 affects Employee Management System v1.0, vulnerable via the pwd parameter in /aprocess.php to a SQL injection. Root cause: improper input handling enabling unauthenticated network access with high impact on confidentiality, integrity, and availability. Connected docs mention remedi...
CVE-2024-25215
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php...
PT-2022-22623 · D Link · D-Link Wireless Ac1200 Dual Band Vdsl Adsl Modem Router Dsl-3782
Name of the Vulnerable Software and Affected Versions: D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware version 1.01 Description: The issue allows unauthenticated attackers to cause a Denial of Service DoS via the User parameter or Pwd parameter to "Login.asp"...
CVE-2018-13336
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation...
Cross-site scripting vulnerability in multiple Arris devices
The Arris DG860A, TG862A and TG862G are modem products from the Arris Group of Companies. A cross-site scripting vulnerability exists in the 'advpwdcgi' parameter in the web management interface of multiple Arris devices. A remote attacker could exploit this vulnerability to inject arbitrary web...
CVE-2015-7290
Cross-site scripting XSS vulnerability in advpwdcgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128100611 through TS0705125D031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter...
Sql injection
SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter...
Sql injection
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the 2 loginid parameter uid variable, and possibly the 3 pwd parameter, to...
Sql injection
SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow remote attackers to execute arbitrary SQL commands via the 1 uid and 2 pwd parameter...
CVE-2006-0832
Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow remote attackers to execute arbitrary SQL commands via the 1 uid and 2 pwd parameter...