25 matches found
CVE-2026-2952
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. Manipulation of the argument xajaxargs causes OS command injection. The attack can be carried out remotely. The exploit has...
CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. Manipulation of the argument xajaxargs causes OS command injection. The attack can be carried out remotely. The exploit has...
PT-2026-21451
Name of the Vulnerable Software and Affected Versions: Vaelsys version 4.1.0 Description: A flaw exists in Vaelsys 4.1.0 related to the HTTP POST Request Handler component. Specifically, manipulation of the xajaxargs argument within a request to the file '/tree/tree_server.php' can lead to operatin...
📄 Online Vehicle Service Management System 1.0 Add Administrator
Proof of concept add administrator exploit for Online Vehicle Service Management System version 1.0 that leverages a missing authentication vulnerability. ...
Vaelsys V4 Security Vulnerability
Vaelsys V4 is an artificial intelligence video analytics platform from Vaelsys, Spain. A security vulnerability exists in Vaelsys V4 version .1.0, which stems from the manipulation of the parameter xajaxargs in the file /grid/vgridserver.php resulting in the use of a weak hash...
CVE-2025-7102
A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to SQL injection. The attack can be initiated remotely. The exploit has...
CVE-2024-42640
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...
angular-base64-upload Security Vulnerability
angular-base64-upload is a library by individual developer Adones Pitogo. A security vulnerability exists in angular-base64-upload prior to version 0.1.21, which stems from vulnerability to an unauthenticated remote code execution attack via demo/server.php...
SUSE CVE-2018-6382
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on...
PT-2023-8920 · Libpcap +10
Name of the Vulnerable Software and Affected Versions: libcap affected versions not specified Description: A vulnerability was found in libcap, specifically in the _libcap_strdup function, which can lead to an integer overflow if the input string is close to 4GiB. This issue may allow an attacker ...
CVE-2015-10086
A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to SQL injection. It is possible to launch the attack remotely. This product is using a rolling...
SQL injection
A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to SQL injection. It is possible to launch the attack remotely. This product is using a rolling...
CVE-2015-10086
The CVE-2015-10086 entry affects OpenCycleCompass server-php, specifically the api1/login.php function where manipulation of the user parameter enables a remote SQL injection. Affected component: server-php; vulnerability is due to unsafely handled user input in login logic. Impact stated as remo...
PT-2023-10265 · Unknown · Opencyclecompass Server-Php
Name of the Vulnerable Software and Affected Versions: OpenCycleCompass server-php affected versions not specified Description: A critical issue was found in OpenCycleCompass server-php, where the manipulation of the user argument leads to SQL injection. This can be exploited remotely. The issue...
OpenCycleCompass server-php SQL Injection Vulnerability
server-php is an OpenCycleCompass open source server for iBis applications. An SQL injection vulnerability exists in OpenCycleCompass server-php, which stems from an incorrect manipulation of the parameter user resulting in SQL injection...
PT-2023-9940 · Unknown · Ahmyi Rivettracker
Name of the Vulnerable Software and Affected Versions: ahmyi RivetTracker affected versions not specified Description: A problematic issue has been found in ahmyi RivetTracker, affecting some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. Th...
CVE-2022-3881
CVE-2022-3881 concerns the WordPress WPTools plugin, affected versions before 3.43. The issue is improper authorization and CSRF in an AJAX action, allowing any authenticated user (e.g., a subscriber) to install and activate arbitrary plugins from wordpress.org. Root cause: missing CSRF/authoriza...
CVE-2020-9267
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajaxserver.php...
LiveZilla Server SQL Injection Vulnerability
LiveZilla Server is a free online customer service system from LiveZilla Germany. The system provides real-time monitoring of visitors, offline messages, GeoTracking map tracking, access statistics, online chat and other features. A SQL injection vulnerability exists in the server.php file in...