
933 matches found

SUSE CVE
added 2024/05/04 2:22 a.m., 1 view

SUSE CVE-2024-34062

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...

6.1 CVSS, 8.6 AI score, 0.00432 EPSS
Exploits: 0, References: 4

OSV
added 2024/05/03 9:55 a.m., 22 views

CVE-2024-34062 tqdm CLI arguments injection attack

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...

4.8 CVSS, 6.7 AI score, 0.00432 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2024/05/03 12:0 a.m., 2 views

PT-2024-25674

Name of the Vulnerable Software and Affected Versions tqdm versions prior to 4.66.3 Description tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution...

4.8 CVSS, 6.8 AI score, 0.00432 EPSS
Exploits: 0, References: 41

Packet Storm
added 2024/04/08 12:0 a.m., 247 views

UP-RESULT 0.1 2024 SQL Injection

Title: upresult0.1-2024 Multiple-SQLi Author: nu11secur1ty Date: 04/08/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference:...

7.4 AI score
Exploits: 0

OSV
added 2024/03/06 11:20 a.m., 18 views

BIT-TENSORFLOW-2020-15190 Segfault in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.rawops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...

5.3 CVSS, 5.2 AI score, 0.00932 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2024/02/29 12:0 a.m., 3 views

PT-2024-13736

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned. Description The issue is related to a Boolean-based SQL injection. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents...

6.5 CVSS, 7 AI score, 0.00292 EPSS
Exploits: 2, References: 6

Exploit DB
added 2024/01/31 12:0 a.m., 282 views

101 News 1.0 - Multiple-SQLi

Title: 101 News-1.0 Multiple-SQLi Author: nu11secur1ty Date: 09/16/2023 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html Reference: https://portswigger.net/web-security/sql-injection Description: The searchtitle...

7.4 AI score
Exploits: 0

CVE
added 2023/11/08 12:0 a.m., 63 views

CVE-2021-43609

CVE-2021-43609 affects Spiceworks Help Desk Server prior to 1.3.3. A blind boolean SQL injection in the sort parameter via the order_by_for_ticket function (app/models/reporting/database_query.rb) allows an authenticated attacker to execute arbitrary SQL commands, enabling leakage of local files ...

9.9 CVSS, 8.9 AI score, 0.02023 EPSS
Exploits: 2, References: 3, Affected Software: 1

Zero Day Initiative
added 2023/09/27 12:0 a.m., 13 views

Mozilla Firefox JIT Boolean Conversion Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation...

5.4 CVSS, 6.9 AI score
Exploits: 0, References: 1

0day.today
added 2023/08/21 12:0 a.m., 264 views

Taskhub CRM Tool 2.8.6 - SQL Injection Vulnerability

Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Tested on: Kali Linux & MacOS CVE: N/A Request GET /projects?filter=notstarted HTTP/1.1 Host: localhost...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/08/21 12:0 a.m., 450 views

OVOO Movie Portal CMS v3.3.3 - SQL Injection

Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...

7.4 AI score
Exploits: 0

Broadcom
added 2023/08/08 12:0 a.m., 6 views

CVE-2020-12243 - denial of service in filter.c in slapd in OpenLDAP

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. Products Confirmed Not Affected No Brocade Fiber Channel product from Broadcom products is affected by this vulnerability...

7.5 CVSS, 6.9 AI score, 0.04423 EPSS
Exploits: 1

Code423n4
added 2023/08/07 12:0 a.m., 9 views

Loop condition that might prevent the function from correctly detecting range overlaps

Lines of code Vulnerability details Impact The loop iterates through each element in the stepList array and checks whether the new range overlaps with each existing range. However, the revert"Range overlap"; statement is placed inside the loop, which means that the moment any overlap is detected,...

6.8 AI score
Exploits: 0

Packet Storm
added 2023/06/20 12:0 a.m., 284 views

The Shop 2.5 SQL Injection

Exploit Title: The Shop v2.5 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/the-shop/34858541 Demo Site: https://shop.activeitzone.com Tested on: Kali Linux CVE: N/A Request POST /api/v1/carts/add HTTP/1.1 Content-Type: application/json...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/19 12:0 a.m., 361 views

The Shop v2.5 - SQL Injection Vulnerability

Exploit Title: The Shop v2.5 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/the-shop/34858541 Demo Site: https://shop.activeitzone.com Tested on: Kali Linux CVE: N/A Request POST /api/v1/carts/add HTTP/1.1 Content-Type: application/json Accept:...

7.1 AI score
Exploits: 0

Exploit DB
added 2023/06/19 12:0 a.m., 286 views

The Shop v2.5 - SQL Injection

Exploit Title: The Shop v2.5 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/the-shop/34858541 Demo Site: https://shop.activeitzone.com Tested on: Kali Linux CVE: N/A Request POST /api/v1/carts/add HTTP/1.1 Content-Type: application/json...

7.4 AI score
Exploits: 0

0day.today
added 2023/06/07 12:0 a.m., 270 views

Expert Job Portal Management System 1.0 SQL Injection Vulnerability

From The Ashes and Dust Rises An Unimaginable crack.... Vulnerability. Author: CraCkEr ...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/06/05 12:0 a.m., 259 views

MotoCMS 3.4.3 SQL Injection

Title: MotoCMS Version 3.4.3 - SQL Injection Author: tmrswrr Date: 01/06/2023 Vendor: https://www.motocms.com Link: https://www.motocms.com/website-templates/demo/189526.html Vulnerable Versions: MotoCMS 3.4.3 Description MotoCMS Version 3.4.3 SQL Injection via the keyword parameter. Steps to...

7.1 AI score
Exploits: 0

CNNVD
added 2023/05/15 12:0 a.m., 6 views

Anuko TimeTracker SQL Injection Vulnerability

Anuko TimeTracker is an Anuko open source application. Provides a Web-based open source time tracking application written in PHP. A SQL injection vulnerability exists in versions prior to Anuko TimeTracker 1.22.11.5781, which stems from a Boolean-based SQL injection in Time Tracker invoices.php,...

9.8 CVSS, 8.6 AI score, 0.00658 EPSS
Exploits: 0, References: 3

Packet Storm
added 2023/05/03 12:0 a.m., 315 views

PHPJabbers Simple CMS 5.0 SQL Injection

Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...

6.9 AI score
Exploits: 0