CVE-2026-9721

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

CVE-2026-30778

CVE-2026-30778 affects Apache SkyWalking OAP where the /debugging/config/dump endpoint may leak sensitive configuration data (including MySQL/PostgreSQL-related details) in versions 9.7.0 through 10.3.0. The exposure is tied to the configuration dump functionality, potentially revealing credentia...

EUVD-2017-2808

Malware in sbrugna...

EUVD-2021-11440

Malware in sbrugna...

CVE-2021-24528

The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting XSS vulnerability. Only...

The vulnerability of the LockDatabaseSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a hacker to circumvent security restrictions and gain access to write and read arbitrary files.

The vulnerability of the LockDatabaseSettings method in software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

The vulnerability of the UpdateDatabaseSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the UpdateDatabaseSettings method in software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the...

CVE-2025-32852

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fro...

CVE-2025-30032

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UnlockDatabaseSettings, which can be exploited by an attacker to bypas...

Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection

Title = Carbon Forum 5.9.0 - Multiple Exploits - Author = bRpsd [email protected] - Date Release = 22 June, 2024 - Vendor = Carbon Forum https://www.94cb.com/ Download = https://github.com/lincanbin/Carbon-Forum Vulnerable Versions = 5.9.0 = Tested Version = 5.9.0 on xampp Server. Vulnerability 1 :...

CVE-2023-35866

In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...

Directory traversal

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...

CVE-2021-24528 FluentSMTP < 2.0.1 - Authenticated Stored XSS

The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting XSS vulnerability. Only...

PostgreSQL: Database settings for Compliance Tests

Allows to set various PostgreSQL database settings used for compliance tests. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Sql injection

In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...

CVE-2017-11174

In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...

Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery

Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ====================================...

Advanced Electron Forum 1.0.9 Cross Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================== Advanced Electron Forum v1.0.9 AEF Exploit patched current...

Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================== Advanced Electron Forum v1.0.9 AEF Exploit patched current...