Moodle SQL Injection Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. An attacker exploited the vulnerability to perform a SQL injection attack...
Progress Software MOVEit Transfer SQL Injection Vulnerability
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A SQL injection vulnerability exists in Progress Software MOVEit Transfer. An unauthenticated attacker could use this vulnerability to gain unauthorized access to the database, which could be used ...
Hitron Technologies CODA-5310 Remote Command Execution Vulnerability
Hitron Technologies CODA-5310 is a wireless router. The Hitron Technologies CODA-5310 suffers from a remote command execution vulnerability that can be exploited by an attacker to perform a command injection attack using the administration page to execute arbitrary system commands, manipulate the...
Design/Logic Flaw
The Glitter Unicorn Wallpaper app for Android 7.0 through 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opene...
snapd Injection Vulnerability
snapd is an open source, cross-platform package management tool. A security vulnerability exists in snapd, which originates from an unrestricted system call, and can be exploited by an attacker to conduct an injection attack on the terminal...
CVE-2023-31145 Reflected XSS vulnerability in CollaboraOnline
Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account...
PT-2023-23484 · Sourcecodester · Sourcecodester Faculty Evaluation System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Faculty Evaluation System version 1.0 Description: The issue is related to SQL Injection, which can be exploited via the "/eval/admin/view faculty.php?id=" endpoint. This allows for potential manipulation of database queries...
Online DJ Management System Cross-Site Scripting Vulnerability
Online DJ Management System is an online DJ management system. A cross-site scripting vulnerability exists in Online DJ Management System version 1.0, which stems from incorrect handling of the name parameter. An attacker can exploit this vulnerability by...
Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). Go to this page:...
CVE-2023-1964
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to sql injection. It is possible to launch the attac...
CVE-2023-29374
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
Mastodon Injection Vulnerability
Mastodon is an open source social network server based on ActivityPub. An injection vulnerability exists in Mastodon version 2.5.0 and later versions, which stems from an insecure LDAP query at login. An attacker can exploit this vulnerability to disclose arbitrary attributes of the LDAP database...
Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities (CVE-2022-29154, CVE-2022-0391)
Summary Multiple Security Vulnerabilities were found in the IBM Security Verify Access ISVA Appliance Operating System layer. These vulnerabilities have been addressed in ISVA 10.0.5.0, which is linked below. Vulnerability Details CVEID:CVE-2022-29154 DESCRIPTION: Rsync could allow a remote...
CVE-2023-28677
The CVE-2023-28677 entry concerns the Jenkins Convert To Pipeline Plugin (1.0 and earlier). The vulnerability arises from using basic string concatenation to convert Freestyle projects’ Build Environment, Build Steps, and Post-build Actions into Pipeline invocations, enabling an attacker who can ...
Online Pizza Ordering System SQL Injection Vulnerability
Online Pizza Ordering System is an online pizza ordering system by Carlo Montero, an individual developer. A security vulnerability exists in Online Pizza Ordering System version 1.0, which is caused by a SQL injection vulnerability via the id parameter in /admin/vieworder.php...
Debian: Security Advisory (DLA-745-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-25432
An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer0/admins/assessments/course/course-update.php...
Input validation
Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection...
CVE-2023-22579 Sequelize - Unsafe fall-through in getWhereConditions
Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection...
SUSE CVE-2005-2301
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer LDAP questions) and possibly conduct an LDAP injection attack...