13 matches found
CVE-2026-34108 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text.php
Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...
EUVD-2026-41066
Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...
CVE-2026-34108
The CVE-2026-34108 entry concerns Guardian Language-System. It describes an unauthenticated OS command injection in text.php where the id GET parameter is passed directly into exec("php jobs/text.php … ".$login_session." ".$_GET['id'].") without sanitization. This allows an unauthenticated remote...
EUVD-2006-6773
Malware in sbrugna...
CVE-2020-36653
A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The patch is...
Cross site scripting
A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The patch is...
CVE-2020-36653 GENI Portal error-text.php cross site scripting
A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The patch is...
CVE-2020-36653
CVE-2020-36653 affects GENI Portal. The vulnerability lies in the file portal/www/portal/error-text.php , where manipulating the error argument enables cross-site scripting (XSS) . The issue is exploitable remotely and affects unknown functionality within that PHP file. A patch identified as c235...
Remote Code Execution (RCE)
pimcore is vulnerable to remote code execution. The vulnerability exists in multiple functions of Mail.php and Text.php due to the user controlled twig template rendering which allows an attacker to inject and execute malicious query parameters to the server-side template...
N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability
No description provided by source. N/X - Web CMS N/X WCMS 4.5 Multiple Vulnerability =================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'...
Cross-site Scripting (XSS) Vulnerabilities in HESK
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in HESK which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in HESK 1.1 The vulnerability exists due to input sanitation error in the "hesksettingstmptitle" a...
CVE-2009-2392
The vulnerability CVE-2009-2392 affects Virtuenetz Virtue Online Test Generator, specifically the text.php component. It allows SQL injection via the tid parameter, enabling remote attackers to execute arbitrary SQL commands. This is a client/server-side issue in the application’s handling of inp...
Ultimate PHP Board 2.0b1 - '/chat/login.php' Code Execution
!/usr/bin/perl +------------------------------------------------------------------------------------------- + Ultimate PHP Board +------------------------------------------------------------------------------------------- + Details: + Ultimate PHP Board chat/login.php does not sanatize the...