20 matches found
CVE-2026-1481
CVE-2026-1481 describes an out-of-band SQL injection affecting the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. The vulnerability targets the Id_usuario parameter in /evaluacion_objetivos_anyo_sig_ver_auto.aspx, enabling an attacker to exfiltrate sensitive data ...
CVE-2026-1477
CVE-2026-1477 affects the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. Affected component: API endpoints handling the parameters in the old evaluation page (/evaluacion_competencias_evalua_old.aspx), specifically Id_usuario and Id_evaluacion. Root cause: out-of-ba...
CVE-2026-1476
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionaccionesverauto.aspx', could allow an attacker to extract...
CVE-2026-1475 Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_acciones_evalua.aspx', could allow an attacker to extract...
CVE-2026-1475
CVE-2026-1475 affects Gabinete Técnico de Programación’s Performance Evaluation (EDD) application. Affected component: the out‑of‑band SQL injection in the Id_usuario parameter of /evaluacion_acciones_evalua.aspx. Root cause is an SQL injection that allows extracting sensitive data via external c...
CVE-2026-1473 Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacioncompetenciasevalua.aspx', could allow an attacker to extract...
Quatuor Evaluation of Performance SQL Injection Vulnerability
Quatuor Evaluación de Desempeño is a performance evaluation system developed by the Spanish company Quatuor. Quatuor Evaluación de Desempeño has a SQL injection vulnerability. This vulnerability stems from an external SQL injection in the parameter Idusuario within the...
PT-2025-46828
Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in ‘/ajax/TInnova v2/Formulario...
EUVD-2010-1731
Malware in sbrugna...
CVE-2025-5179
A vulnerability classified as problematic was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected by this vulnerability is an unknown functionality of the file /adm/index.php of the component Cadastro de Administrador Page. The manipulation of the argument Name/Usuário leads to...
CVE-2025-5177
A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been rated as problematic. This issue affects some unknown processing of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuário leads to cross site scripting. The...
CVE-2025-5172
A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown function of the file /valida. The manipulation of the argument usuario leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
Econtrata Injection Vulnerability
Econtrata is an application from Econtrata, Inc. An injection vulnerability exists in Econtrata 20250516 and earlier versions, which stems from manipulation of the usuario parameter, leading to SQL injection...
Realce Tecnologia Queue Ticket Kiosk Code Injection Vulnerability
Realce Tecnologia Queue Ticket Kiosk is a queue management software from Realce Tecnologia. A code injection vulnerability exists in Realce Tecnologia Queue Ticket Kiosk 20250517 and prior versions, which stems from manipulation of the Name/Usuário parameter, leading to cross-site scripting...
PT-2025-6107 · Pix · Pix Software Vivaz
Name of the Vulnerable Software and Affected Versions: Pix Software Vivaz version 6.0.10 Description: A critical issue has been found in the code related to the /servlet?act=login file, where manipulation of the usuario argument can lead to SQL injection. This issue can be exploited remotely. The...
Pix Software Vivaz Security Vulnerability
Pix Software Vivaz is an application from Pix Software. A security vulnerability exists in Pix Software Vivaz version 6.0.10, which stems from a SQL injection vulnerability in the usuario parameter at the /servlet?act=login location...
TreasureHunt Injection Vulnerability
TreasureHunt is an automated problem generation tool and challenge-based competition for teaching computer security open-sourced by TreasureHuntGame. An injection vulnerability exists in TreasureHunt version 963e0e0 and prior versions, which stems from the fact that incorrect manipulation of the...
PT-2024-38076 · Forip Tecnologia · Forip Tecnologia Administração Pabx
Name of the Vulnerable Software and Affected Versions: ForIP Tecnologia Administração PABX versions 1.x Description: A critical issue has been found in the Authentication Form component, affecting the /login file. The manipulation of the usuario argument leads to SQL injection. This issue can be...
CVE-2010-1711
CVE-2010-1711 concerns the Siestta 2.0 web app. The vulnerability is an XSS in carga_foto_al.php, exploitable when register_globals is enabled, allowing an attacker to inject arbitrary script via the usuario parameter. Reported impact aligns with partial integrity impact and no confidentiality/av...
CVE-2010-1711
Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter...