78 matches found
CVE-2018-10547
Removed by vendor...
CVE-2018-10547
An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...
Artica Pandora FMS Information Disclosure Vulnerability
Artica Pandora FMS Flexible Monitoring System is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS version 7.0. The vulnerability can be...
tomcat: Calls to application listeners did not use the appropriate facade object
A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web...
[20170501] - Core - SQL Injection
Inadequate filtering of request data leads to a SQL Injection vulnerability...
Joomla3 -- SQL Injection
JSST reports: Inadequate filtering of request data leads to a SQL Injection vulnerability...
[20151207] - Core - SQL Injection
Inadequate filtering of request data leads to a SQL Injection vulnerability...
[20151001] - Core - SQL Injection
Inadequate filtering of request data leads to a SQL Injection vulnerability...
JBoss 3.x/4.0.2 Malformed HTTP Request Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13985/info JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplied request data. Informatio...
CVE-2012-2661
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...
SQLAlchemy SQL injection
SQL request data is not checked...
DSA-1843-1 squid3 - denial of service
Bulletin has no description...
facilcms-lfi.txt
Facil-CMS 0.1RC Local File Inclusion Vulnerabilities. CWH Underground Hacking Team...
FOG Forum 0.8.1 Multiple Local File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. FOG Forum 0.8.1 Multiple Local File Inclusion Vulnerabilities...
MS Windows Message Queuing Service RPC BOF Exploit (dnsname)
No description provided by source. Windows Message Queuing Service Remote RPC BOF Exploit MS07-065. Mod of axis's code. CHANGELOG - added dnsname as a parameter, before it was hardcoded in the request data. Marcin Kozlowski. Provided for legal security research and testing purposes ONLY. Go throug...
Oracle Forms SQL injection
Form request data is not validated...
CVE-2025-58694
...
CVE-2025-58170
...