11 matches found
SQL Injection
Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the idanagrafica parameter in the init.php file. An attacker can extract sensitive database information, including...
CVE-2022-25626
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session...
CVE-2025-1071
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firewa...
CVE-2025-1239 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Blocked Sites List
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firewa...
CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
PT-2022-17418 · Unknown · Identity Manager
Name of the Vulnerable Software and Affected Versions: Identity Manager (affected versions not specified). Description: An unauthenticated user can access specific page URLs of Identity Manager's management console. However, the system does not allow the user to carry out server-side tasks without a...
Vulnerability fixed in Typo3
The developers of Typo3 have fixed a vulnerability in Typo3 core. An unauthenticated malicious person could potentially exploit the vulnerability to perform a Cross-site Request Forgery and thereby trick a victim into executing code under the malicious party's control. In the...
PT-2014-2868 · D Link · D-Link Dir-505L Shareport Mobile Companion +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-505L SharePort Mobile Companion version 1.01; D-Link DIR-826L Wireless N600 Cloud Router version 1.02. Description: The issue allows remote attackers to bypass authentication via a direct request when an authorized session is active...
phpBP <= RC3 (2.204) (sql/cmd) Remote Code Execution Exploit
No description provided by source. ? // //Kacper & str0ke Settings $exploitname = "phpBP = RC3 2.204 sql/cmd Remote Code Execution Exploit"; $scriptname = "phpBP RC3 2.204"; $scriptsite = "http://www.phpbp.com/"; $dork = 'Silnik strony jest chroniony prawami autorskimi PHP BP Team'; //to work...
phpBP <= RC3 (2.204) (sql/cmd) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================================ phpBP = RC3 2.204 sql/cmd Remote Code Execution Exploit ============================================================ ? // //Kacper & str0ke Settings $exploitname = "phpBP = RC3...
Multiple vulnerabilities in Icewarp Web Mail 5.2.7
ShineShadow Security Report 10092004-01. TITLE: Multiple vulnerabilities in Icewarp Web Mail 5.2.7. BACKGROUND: Merak Mail Server, with the revolutionary Merak Mail Server GroupWare Server, cutting-edge Merak Mail Server Instant Antispam and much more, is the fastest, most stable, secure and 100 vir...