16 matches found
CVE-2024-2339 Improper Input Validation in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule
PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous...
Dolibarr remote PHP code execution
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked...
Server-Side Request Forgery in calibreweb
calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is a result of incomplete SSRF protection that can be bypassed via an HTTP redirect. An HTTP server set up to respond with a 302 redirect may redirect a request to localhost...
CVE-2021-33816
CVE-2021-33816 affects Dolibarr 13.0.2: the website builder module enables remote PHP code execution because the protection mechanism blocks system, exec, and shell_exec but does not block backticks. This is the underlying root cause described across multiple sources (no public remediation detail...
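The root cause in the CVE-2021-33816 entries is a denylist that matches function names: system, exec and shell_exec are refused, but PHP's backtick operator, which executes its contents exactly like shell_exec, is not a function name and slips through. The following is an added example, not Dolibarr's code; it applies a name-based filter of the kind described to constructed PHP snippets, and a stricter filter that also catches the backtick operator and a function name assembled at runtime. The regular expressions are an assumption about how such a filter might be written.

```python
"""A function-name denylist versus the PHP backtick operator."""
import re

# The three names the reported filter blocked (assumption: matched by name).
BLOCKED_FUNCS = ("system", "exec", "shell_exec")
_DIRECT_CALL = re.compile(r"\b(?:" + "|".join(BLOCKED_FUNCS) + r")\s*\(")
_QUOTED = re.compile(r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"")
_VARIABLE_CALL = re.compile(r"\$\w+\s*\(")  # $f('id') with $f holding a name

# Constructed snippets for the example.
SAMPLES = {
    "direct": "<?php system('id'); ?>",
    "backtick": "<?php echo `id`; ?>",                   # same as shell_exec('id')
    "dynamic": "<?php $f = 'sys' . 'tem'; $f('id'); ?>",  # name built at runtime
    "benign": "<?php echo htmlspecialchars($title); ?>",
}


def naive_filter_rejects(php_src: str) -> bool:
    """Reject only a direct call to one of the denylisted names."""
    return _DIRECT_CALL.search(php_src) is not None


def strict_filter_rejects(php_src: str) -> bool:
    """Also reject the backtick operator and calls through a variable."""
    if naive_filter_rejects(php_src):
        return True
    # Blank out quoted strings so a backtick inside a literal is not counted.
    code_only = _QUOTED.sub("''", php_src)
    if "`" in code_only:
        return True
    return _VARIABLE_CALL.search(code_only) is not None


def evaluate(filter_fn):
    """Map each sample name to whether the given filter rejects it."""
    return {name: filter_fn(src) for name, src in SAMPLES.items()}


if __name__ == "__main__":
    print("naive :", evaluate(naive_filter_rejects))
    print("strict:", evaluate(strict_filter_rejects))
```

The stricter filter is still a denylist, and PHP offers further routes (passthru, popen, proc_open, call_user_func, eval of decoded strings) that a pattern list will keep chasing; the durable fix is not to execute user-controlled PHP source at all.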
CVE-2021-43188
In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete...
CVE-2021-43189
In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete...
Debian DSA-4889-1 : mediawiki - security update
Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in incomplete page/blocking protection, denial of service or cross-site scripting. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
CVE-2019-11518 (SQL injection)
An issue was discovered in SEMCMS 3.8. SEMCMSInquiry.php allows AID SQL Injection because the class.phpmailer.php injectchecksql protection mechanism is incomplete...
Two SQL injections in the latest CmsEasy 5.5_UTF-8_20140802 (the result of patching only the reported spot)
Brief description: On August 2, CmsEasy officially released the update CmsEasy5.5UTF-820140802.rar together with the patch CmsEasyforUploads20140802.rar. I then downloaded the latest package and had a look, and found one problem: this issue has been patched, but injection is still possible from another place. Detailed description: First, look at unionact.php:
function registeraction() {
    $r = $this->union->getrow(array('userid' => $this->view->data['userid']));
    if ($r) echo 'alert("'.lang('你已经申请,转入联盟页面!').'")';  // "You have already applied; redirecting to the alliance page!"
...