98 matches found
CVE-2026-1133 Yonyou KSOA HTTP GET Parameter folder.jsp sql injection
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to SQL injection. The attack can be launched remotely. The exploit has...
CVE-2026-1133
CVE-2026-1133 affects Yonyou KSOA 9.0. The vulnerable element is the HTTP GET Parameter Handler in the file /kmf/folder.jsp; manipulating the directory parameter folderid enables an SQL injection. The attack surface is remote, and the vulnerability has been publicly disclosed. Multiple connected ...
Linux Distros Unpatched Vulnerability : CVE-2018-1133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection...
CVE-2025-1133
creationtimestamp| type| source
---|---|---
2025-02-19 09:15:49+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lijgtzz5f42t
2025-02-19 11:01:48+00:00| published-proof-of-concept| Telegram/rLhwLXcL8Mn4otgpYmghgpVIj1d3aqFIFfUfzqDCbnUja0
2025-02-19 12:01:23+00:00| seen|...
CVE-2025-1133
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenated into an SQL query without proper...
CVE-2025-1133 SQL Injection in ChurchCRM EID Parameter via EditEventAttendees.php
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenated into an SQL query without proper...
openSUSE Security Advisory (SUSE-SU-2024:1133-1)
The remote host is missing an update for the...
CVE-2024-1133
creationtimestamp| type| source
---|---|---
2024-03-08 22:31:48+00:00| seen| https://t.me/ctinow/203627...
CVE-2024-1133
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attacker...
CVE-2024-1133
The Tutor LMS WordPress plugin (versions up to and including 2.6.0) is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions. Authenticated users with subscriber access or higher can interact with questions in courses they are...
CVE-2018-1133
creationtimestamp| type| source
---|---|---
2023-12-22 19:47:54+00:00| seen| https://t.me/arpsyndicate/2067
2024-04-24 20:30:04+00:00| seen| https://t.me/arpsyndicate/4813...
Metasploit Weekly Wrap-Up
MOVEit It has been a busy few weeks in the security space; the MOVEit vulnerability filling our news feeds with dancing lemurs and a Barracuda vulnerability that has us all wondering how many shredders out there can handle a 1U appliance. Despite those very worthwhile distractions, Metasploit has...
Delta Electronics InfraSuite Device Master Deserialization
Delta Electronics InfraSuite Device Master versions below v1.0.5 have an unauthenticated .NET deserialization vulnerability within the 'ParseUDPPacket' method of the 'Device-Gateway-Status' process. The 'ParseUDPPacket' method reads user-controlled packet data and eventually calls...
Delta Electronics InfraSuite Device Master Deserialization Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics InfraSuite Device Master Deserialization', 'Description' = %q Delta Electronics InfraSuite Device Master versions below v1.0.5...
Delta Electronics InfraSuite Device Master Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics InfraSuite Device Master Deserialization', 'Description' = %q Delta Electronics InfraSuite Device Master versions below v1.0.5...
Delta Electronics InfraSuite Device Master Gateway Deserialization of Untrusted Data (CVE-2023-1133)
Binary data deltaelectronicsidmcve-2023-1133.nbin...
CVE-2023-1133
Summary of CVE-2023-1133 (Delta Electronics InfraSuite Device Master) Affected software: InfraSuite Device Master versions prior to 1.0.5. The vulnerability targets the Device-status service, which by default listens on UDP port 10100. The service deserializes unverified UDP packets, allowing an ...
CVE-2023-1133
creationtimestamp| type| source
---|---|---
2023-03-23 14:19:08+00:00| seen| https://t.me/truesecator/4205
2023-03-27 18:20:10+00:00| seen| https://t.me/cibsecurity/60787
2023-06-08 13:56:26+00:00| seen|...