
6680 matches found

GithubExploit
added 2023/01/15 9:39 p.m. · 253 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 Exploit Description In Spring Cloud Funct...

9.8 CVSS · 9.7 AI score · 0.99939 EPSS
Exploits: 36

Positive Technologies
added 2023/01/15 12:0 a.m. · 2 views

PT-2023-10225 · Unknown · Lolfeedback

Name of the Vulnerable Software and Affected Versions: lolfeedback affected versions not specified Description: A critical issue has been found, affecting an unknown functionality, which leads to sql injection. Recommendations: At the moment, there is no information about a newer version that...

9.8 CVSS · 7.3 AI score · 0.00657 EPSS
Exploits: 0 · References: 5

Prion
added 2023/01/14 1:15 a.m. · 14 views

Remote code execution

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionalit...

6.5 CVSS · 8.9 AI score · 0.01495 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2023/01/12 11:15 p.m. · 15 views

CVE-2022-25027

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...

7.5 CVSS · 7.8 AI score · 0.01049 EPSS
Exploits: 0 · References: 1

CNNVD
added 2023/01/12 12:0 a.m. · 3 views

classroom-engagement-system SQL injection vulnerability

classroom-engagement-system is a classroom engagement system by the individual developer Alexander Harding. A SQL injection vulnerability exists in classroom-engagement-system, which stems from a problem with some unknown functionality that can lead to sql injection...

9.8 CVSS · 7.1 AI score · 0.00657 EPSS
Exploits: 0 · References: 4

NVD
added 2023/01/11 7:15 a.m. · 10 views

CVE-2015-10036

A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this...

9.8 CVSS · 7 AI score · 0.00643 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/01/11 12:0 a.m. · 2 views

PT-2023-10215 · Dronfelipe +1 · Dronfelipe

Name of the Vulnerable Software and Affected Versions: kylebebak dronfelipe affected versions not specified Description: A critical issue has been identified, affecting an unknown functionality, which can be manipulated to lead to sql injection. Recommendations: Apply the patch...

9.8 CVSS · 7.7 AI score · 0.00643 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2023/01/11 12:0 a.m. · 74 views

GIGABYTE XTREME GAMING ENGINE < 1.26 Multiple Vulnerabilities

The version of GIGABYTE XTREME GAMING ENGINE installed on the remote host is prior to 1.26. It is, therefore, affected by multiple vulnerabilities as referenced in GIGABYTE security advisory 1801: - The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE befor...

9.8 CVSS · 7.8 AI score · 0.08523 EPSS
Exploits: 9 · References: 7

Cvelist
added 2023/01/10 8:26 p.m. · 34 views

CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection

Travel support program is a rails app to support the travel support program of openSUSE TSP. Sensitive user data bank account details, password Hash can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

7.5 CVSS · 7.9 AI score · 0.01019 EPSS
Exploits: 1 · References: 3

Vulnrichment
added 2023/01/09 10:13 p.m. · 5 views

CVE-2022-3343 WPQA < 5.9.3 - Missing validation lead to functionality abuse

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

3.9 AI score · 0.00488 EPSS
Exploits: 2 · References: 1

RedHat Linux
added 2023/01/09 3:5 p.m. · 33 views

Important: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

8.8 CVSS · 7.2 AI score · 0.02685 EPSS
Exploits: 0 · References: 7

OpenVAS
added 2023/01/09 12:0 a.m. · 15 views

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-1092)

The remote host is missing an update for the Huawei EulerOS...

8.3 CVSS · 8.4 AI score · 0.12205 EPSS
Exploits: 5 · References: 2

NVD
added 2023/01/07 5:15 p.m. · 15 views

CVE-2014-125062

A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The identifier of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is...

9.8 CVSS · 7.1 AI score · 0.00643 EPSS
Exploits: 0 · References: 3

OSV
added 2023/01/06 6:30 a.m. · 13 views

GHSA-F259-H6M8-HM8M exec-local-bin vulnerable to Command Injection

Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization...

9.8 CVSS · 8.8 AI score · 0.02554 EPSS
Exploits: 1 · References: 5

NVD
added 2023/01/06 5:15 a.m. · 14 views

CVE-2022-25923

Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization...

9.8 CVSS · 8.3 AI score · 0.02554 EPSS
Exploits: 1 · References: 3

Huntr
added 2023/01/04 1:28 p.m. · 18 views

IDOR allowing to see other users' entries

Description The exporting entry functionality is vulnerable to an IDOR attack. Proof of Concept 1. Create a new entry as an existing user. Let's say the entry's id is 1. 1. Create a new user and login as them. 1. Go to http://localhost:8000/export/1.txt...

4 CVSS · 5.1 AI score · 0.00637 EPSS
Exploits: 1

CNNVD
added 2023/01/04 12:0 a.m. · 2 views

NeoXplora cross-site scripting vulnerability

NeoXplora is an application by kkokko Personal Developer. NeoXplora suffers from a cross-site scripting vulnerability that stems from some unknown functionality of the component Trainer Handler, which leads to cross-site scripting...

6.1 CVSS · 4.2 AI score · 0.00511 EPSS
Exploits: 0 · References: 4

NVD
added 2023/01/03 4:15 a.m. · 38 views

CVE-2022-43931

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...

10 CVSS · 9.9 AI score · 0.16841 EPSS
Exploits: 0 · References: 1

OpenVAS
added 2023/01/03 12:0 a.m. · 22 views

ISC BIND DoS Vulnerability (CVE-2014-8680) - Windows

ISC BIND is prone to a denial of service (DoS) vulnerability...

5.4 CVSS · 6.4 AI score · 0.08987 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2022/12/30 12:0 a.m. · 5 views

CVE-2022-46584

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%dvap%d.maclist parameter in the kickbanwifimacdeny sub415D7C function...

7.8 AI score · 0.00966 EPSS
Exploits: 1 · References: 1