143 matches found
EUVD-2022-44864
Malicious code in bioql PyPI...
EUVD-2022-44866
Malicious code in bioql PyPI...
EUVD-2022-44865
Malicious code in bioql PyPI...
EUVD-2022-45981
Malicious code in bioql PyPI...
EUVD-2022-31643
Malicious code in bioql PyPI...
Malicious code in como-espiar-whatsapp-de-forma-segura (npm)
The package como-espiar-whatsapp-de-forma-segura was found to contain malicious code...
MAL-2025-17438 Malicious code in como-espiar-whatsapp-de-forma-segura (npm)
The package como-espiar-whatsapp-de-forma-segura was found to contain malicious code...
CVE-2022-27104
An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...
CVE-2019-5109
Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
CVE-2019-5110
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
CVE-2019-5112
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...
CVE-2019-5111
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...
forma-baumgarten.de Improper Access Control vulnerability OBB-3778467
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Forma LMS 1.4 Database Disclosure
==================================================================================================================================== | Title : Forma lms v1.4 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bi...
Forma LMS <= 2.4.4 Improper Authentication Vulnerability
Forma LMS is prone to an improper authentication vulnerability. Copyright C 2022 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free...
Forma SPOT-LMS 3.2.1 Cross Site Scripting
Title: Forma SPOT-LMS-3.2.1 Cross-site scripting reflected RCE - reset mail vulnerability Author: nu11secur1ty Date: 11.07.2022 Vendor: https://www.spotlms.us/indexmulti.php The software is applied in the demo account: https://www.spotlms-anca-001.ovh/ Reference:...
Forma LMS <= 1.4.3 SQL Injection Vulnerability
Forma LMS is prone to an SQL injection vulnerability. Copyright C 2022 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...
Forma LMS <= 3.1.0 Multiple Vulnerabilities
Forma LMS is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation...
CVE-2022-42924
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'dynfilter' parameter in the...
CVE-2022-41680
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue parameter in the...