NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2024-0050)

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow...

PT-2024-39101 · Sourcecodester · Sourcecodester Php Crud

Name of the Vulnerable Software and Affected Versions: SourceCodester PHP CRUD version 1.0 Description: A critical issue has been identified, affecting the file /endpoint/update.php. The manipulation of the arguments tbl person id, first name, middle name, and last name can lead to SQL injection...

SportsNET SQL注入漏洞

SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...

ZOHO ManageEngine Password Manager Pro 安全漏洞

ZOHO ManageEngine Password Manager Pro is a password manager from ZOHO, Inc. A security vulnerability exists in ZOHO ManageEngine Password Manager Pro prior to version 12431 and ManageEngine PAM360 prior to version 7001, which stems from a failure to properly filter input via the global search...

CVE-2024-8217

A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has bee...

PT-2024-38695

Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Clinics Patient Management System. The issue affects the file /pms/ajax/get packings.php, where the...

CVE-2024-41711

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 R6.4.0.136 could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to insufficient parameter...

CVE-2024-36034

Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option...

CVE-2024-41710

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 R6.4.0.136 could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter...

PT-2024-25599 · Paypal · Paypal

Name of the Vulnerable Software and Affected Versions: PayPal, Credit Card and Debit Card Payment version 1.0 Description: A SQL injection issue affects the payment system, allowing an attacker to send a specially crafted query to the server. This could enable the retrieval of all stored...

CVE-2024-38886

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel...

PT-2024-28253 · Horizon Business Services Inc. · Caterease

Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 Description: The issue allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used ...

CVE-2024-7371 SourceCodester Simple Realtime Quiz System quiz_view.php sql injection

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quizview.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

IBM InfoSphere Information Server SQL注入漏洞

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server version 11.7 suffers from a SQL injection vulnerability that...

Apache StreamPark: FreeMarker SSTI RCE Vulnerability

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4...

CVE-2024-29178

Apache StreamPark before version 2.1.4 is affected by a FreeMarker SSTI vulnerability that an authenticated user can exploit to achieve Remote Code Execution on the server. Root cause: template injection via FreeMarker in the application, with high impact (CVE-2024-29178). Remediation: upgrade to...

CVE-2024-6808 itsourcecode Simple Task List signUp.php insertUserRecord sql injection

A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

Exploit for Code Injection in Vmware Cloud_Foundation

Privilege Escalation: VMware vCenter Server Authenticated RCE...

VMware Aria Automation Security Vulnerability

VMware Aria Automation is a modern workflow automation platform from VMware that simplifies and automates complex data center infrastructure tasks to improve scalability and agility. A security vulnerability exists in VMware Aria Automation that stems from a failure to apply proper input...