CVE-2026-50636

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

CVE-2026-33651

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...

CVE-2026-33651

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...

CVE-2026-33651 AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...

EUVD-2015-5902

Malware in sbrugna...

CVE-2024-39072

AMTT Hotel Broadband Operation System HiBOS v3.0.3.151204 is vulnerable to SQL injection via manager/conference/calendarremind.php...

PT-2024-28345 · Amtt · Amtt Hotel Broadband Operation System

Name of the Vulnerable Software and Affected Versions: AMTT Hotel Broadband Operation System HiBOS version 3.0.3.151204 Description: The issue concerns SQL injection via the "manager/conference/calendar remind.php" API endpoint. This allows for potential unauthorized access to sensitive data...

CVE-2024-39072

AMTT Hotel Broadband Operation System HiBOS v3.0.3.151204 is vulnerable to SQL injection via manager/conference/calendarremind.php...

CVE-2024-39072

Affected software : AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204. Vulnerability : SQL injection via the API endpoint manager/conference/calendar_remind.php. Root cause / details : Documented as a SQL injection vulnerability reachable through the mentioned endpoint. No exploitation ...

OPENSUSE-SU-2024:10089-1 remind-3.1.15-1.7 on GA media

These are all security issues fixed in the remind-3.1.15-1.7 package on the GA media of openSUSE Tumbleweed...

Debian: Security Advisory (DLA-289-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2015-5957

Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to 1 stats/index.php or 2 newsletters/edition.php or the 3 username parameter to users/remindpassword.php, 4 days parameter to...

volunteerteam.london.gov.uk XSS vulnerability

Open Bug Bounty ID: OBB-591993 Description| Value ---|--- Affected Website:| volunteerteam.london.gov.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

arkcda2.org XSS vulnerability

Open Bug Bounty ID: OBB-580075 Description| Value ---|--- Affected Website:| arkcda2.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

kuvalda.ru XSS vulnerability

Vulnerable URL: http://www.kuvalda.ru/member/remind/ Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 10:41 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...

Mageia: Security Advisory (MGASA-2015-0299)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Remind electronic calendar allows a perpetrator to execute arbitrary codes or trigger a service failure.

The vulnerability of the DumpSysVar function in the Remind electronic calendar program is caused by buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

CVE-2015-5957

Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name...

CVE-2015-5957

Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name...