61 matches found

Vulnrichment
added 2026/04/05 8:45 p.m., 2 views

CVE-2019-25669 qdPM 9.1 SQL Injection via search_by_extrafields Parameter

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search_by_extrafields parameter. Attackers can send POST requests to the users endpoint with malicious search_by_extrafields values to trigger SQL syntax errors and...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00311
Exploits: 1, References: 4
Positive Technologies
added 2026/04/05 12:0 a.m., 10 views

PT-2026-30478

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search by extrafields parameter. Attackers can send POST requests to the users endpoint with malicious search by extrafields values to trigger SQL syntax errors...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00311
Exploits: 1, References: 5
ATTACKERKB
added 2026/03/26 11:39 a.m., 1 view

CVE-2018-25208

qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...

CVSS: 8.8, AI score: 6.2, EPSS: 0.00337
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-18791

Malware in sbrugna...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00849
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-4156

Malware in sbrugna...

CVSS: 5.8, AI score: 5.6, EPSS: 0.00996
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-10392

Malware in sbrugna...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00413
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-17780

Malware in sbrugna...

CVSS: 6.1, AI score: 6.2, EPSS: 0.08864
Exploits: 5, References: 6
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-17781

Malware in sbrugna...

CVSS: 6.1, AI score: 6.2, EPSS: 0.03342
Exploits: 5, References: 6
RedhatCVE
added 2025/05/22 4:56 p.m., 9 views

CVE-2020-18468

Cross Site Scripting XSS vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00413
Exploits: 1
RedhatCVE
added 2025/05/22 4:34 p.m., 7 views

CVE-2020-26166

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...

CVSS: 5.4, AI score: 6.4, EPSS: 0.00849
Exploits: 0
Packet Storm
added 2023/04/26 12:0 a.m., 417 views

qdPM 9.1 Cross Site Scripting

Exploit Title: qdPM 9.x -bindtype - Cross-Site Scripting Exploit Author: Or4nG.M4n Date : 4/26/2023 Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 , 9.1 XSS Reflected . GET...

AI score: 6.8
Exploits: 0
Rapid7 Blog
added 2022/09/30 6:47 p.m., 181 views

Metasploit Weekly Wrap-Up

Veritas Backup Exec Agent RCE This module kindly provided by c0rs targets the Veritas Backup Exec Agent in order to gain RCE as the system/root user. The exploit itself is actually a chain of 3 separate CVEs CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878 which only makes it more impressive...

CVSS: 9, EPSS: 0.99998
Exploits: 49
0day.today
added 2022/09/29 12:0 a.m., 580 views

qdPM 9.1 Authenticated Shell Upload Exploit

A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users'photoppreview' delete photo feature thus allowing bypass of .htaccess...

CVSS: 8.8, AI score: 9.2, EPSS: 0.83235
Exploits: 18
0day.today
added 2022/05/26 12:0 a.m., 453 views

qdPM 9.1 - Remote Code Execution (Authenticated) Exploit

Exploit Title: qdPM 9.1 - Remote Code Execution RCE Authenticated Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Original Exploit Author: Rishal Dwivedi Loginsoft Original ExploitDB ID: 47954 https://www.exploit-db.com/exploits/47954 Exploit Author: Leon Trappett thepcn3rd Vendor...

CVSS: 8.8, EPSS: 0.83235
Exploits: 16
Packet Storm
added 2022/05/26 12:0 a.m., 260 views

qdPM 9.1 Remote Code Execution

Exploit Title: qdPM 9.1 - Remote Code Execution RCE Authenticated Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Date: 2021-08-03 Original Exploit Author: Rishal Dwivedi Loginsoft Original ExploitDB ID: 47954 https://www.exploit-db.com/exploits/47954 Exploit Author: Leon Trappett...

CVSS: 8.8, AI score: 8.7, EPSS: 0.83235
Exploits: 16
Exploit DB
added 2022/05/25 12:0 a.m., 395 views

qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)

Exploit Title: qdPM 9.1 - Remote Code Execution RCE Authenticated Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Date: 2021-08-03 Original Exploit Author: Rishal Dwivedi Loginsoft Original ExploitDB ID: 47954 https://www.exploit-db.com/exploits/47954 Exploit Author: Leon Trappett...

CVSS: 8.8, AI score: 8.7, EPSS: 0.83235
Exploits: 16
NVD
added 2021/08/26 6:15 p.m., 21 views

CVE-2020-18468

Cross Site Scripting XSS vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...

CVSS: 5.4, EPSS: 0.00413
Exploits: 1, References: 1
Prion
added 2021/08/26 6:15 p.m., 14 views

Cross site scripting

Cross Site Scripting XSS vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...

CVSS: 3.5, AI score: 5.1, EPSS: 0.00413
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2021/08/26 5:28 p.m., 52 views

CVE-2020-18468

CVE-2020-18468 affects qdPM 9.1. An XSS exists in the Login Page heading field under the General menu, exploitable via a crafted website name through an authenticated POST to /qdPM_9.1/index.php/configuration. The issue stems from insufficient input validation on the heading, enabling client-side...

CVSS: 5.4, AI score: 5.1, EPSS: 0.00413
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/08/26 5:28 p.m., 23 views

CVE-2020-18468

Cross Site Scripting XSS vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...

AI score: 5.1, EPSS: 0.00413
Exploits: 1, References: 1