67 matches found
CVE-2025-10212 SiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure
The SiteAlert Formerly WP Health plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to view the site health information, includi...
CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...
CVE-2025-52085
An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...
PT-2025-34475 · Yoosee · Yoosee
Name of the Vulnerable Software and Affected Versions: Yoosee version 6.32.4 Description: An SQL injection flaw exists in the Yoosee application that allows authenticated users to inject arbitrary SQL queries through a request to a backend API endpoint. Successful exploitation can lead to the...
CVE-2025-55674 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions
A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
NotrinosERP 0.7 SQL Injection
Exploit Title: NotrinosERP 0.7 - Authenticated Blind SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md Software Link: https://github.com/notrinos/NotrinosERP/releases/tag/0.7 Vendor Homepage:...
NotrinosERP 0.7 - Authenticated Blind SQL Injection
Exploit Title: NotrinosERP 0.7 - Authenticated Blind SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md Software Link: https://github.com/notrinos/NotrinosERP/releases/tag/0.7 Vendor Homepage:...
Nokia Broadcast Message Center SQL Injection Vulnerability (CNVD-2022-68946)
Nokia Broadcast Message Center is a broadcast message center for Nokia Finland to manage alerts. An SQL injection vulnerability exists in Nokia Broadcast Message Center 11.1.0 and earlier versions, which originates in /owui/block/send-receive-updates extIdentifier HTTP POST parameter is missing...
CVE-2021-35487
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
Nokia Broadcast Message Center SQL注入漏洞
Nokia Broadcast Message Center is a broadcast message center for Nokia Finland to manage alerts. An SQL injection vulnerability exists in Nokia Broadcast Message Center 11.1.0 and earlier versions, which originates in /owui/block/send-receive-updates extIdentifier HTTP POST parameter is missing...
Exploit for SQL Injection in Casbin Casdoor
POC for CVE-2022-24124 Exploit Code for CVE-2022-24124ht...
CVE-2021-20618
Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors...
CVE-2019-19163
A Vulnerability in the firmware of COMMAX WallPadCDP-1020MB allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL...
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Exploit
Exploit for java platform in category web applications Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy nxkennedy Discovery date: 2019-09-20 Vendor Homepage:...
Veeam Backup & Replication upgrade fails with an error "Database version downgrade detected ... Reboot and restart the setup"
Challenge The upgrade to Veeam Backup & Replication U4 fails with "Database version downgrade detected ... Reboot and restart the setup". You may find following error in the C:\ProgramData\Veeam\Setup\Temp\BackupSrvLog.log: Veeam SRV: 31.01.2019 11:39:43: VEEAM Database version has been increment...
The wrong database version is being used. Found version: xx Expected version number: xx
PVS - 7.1 upgrade to 7.8 - The wrong database version is being used. Found version: xx Expected version number: xx...
WordPress Survey And Poll 1.5.7.3 SQL Injection
Exploit Title: Wordpress Plugin Survey & Poll 1.5.7.3 - 'sssparams' SQL Injection Date: 2018-09-09 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link: https://downloads.wordpress.org/plugin/wp-survey-and-poll.zip Version: 1.5.7.3 Tested on:...
U.S. Dept Of Defense: SQL Injection vulnerability located at ████████
Summary: I have found a SQL Injection at ███████ in the ████ Portal. Description: The SQL injection is being caused by the unsanitized parameter of itemID= i immediately stopped testing when i verified it was possible to get the Current user and version of the Database. 1.The vulnerable url is :...
Security Bulletin: Potential security vulnerabilities in current IBM Informix Database for IBM Tivoli Network Manager IP Edition version 3.9
Summary Potential security exposure in IBM Informix Database shipped with IBM Tivoli Network Manager IP Edition version 3.9. Vulnerability Details Tivoli Network Manager IP Edition 3.9 is shipped with an IBM Informix database. IBM Informix database has released several security patches which...
Microsoft SQL Database Attacking Tool: MSDAT
MSDAT M icro s oft SQL D atabase A ttacking T ool is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...