1149 matches found
CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...
Mageia: Security Advisory (MGASA-2018-0279)
The remote host is missing an update for the...
Cross-site Scripting (XSS) - Generic in projectsend/projectsend
Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4Shell (CVE-2021-44228) Demo...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4j2 Replay Notes, for learning purposes only Reference:...
Huawei Emui and Magic UI Injection Attack Vulnerability
Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. An injection attack vulnerability exists in Huawei Emui and Magic UI. An attacker can exploit this vulnerability to affect service availability...
CVE-2021-37033
There is an Injection attack vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability...
Design/Logic Flaw
There is an Injection attack vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability...
CVE-2021-37033
Technical details (affected products, versions, impact specifics) are not publicly available in the provided documents. Monitor for updates from primary vendors and security advisories.
Huawei Emui Injection Vulnerability
Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. An injection attack vulnerability exists in Huawei Emui and Magic UI. An attacker can exploit this vulnerability to affect service availability...
Sourcecodester Customer Relationship Management System SQL Injection Vulnerability
Sourcecodester Customer Relationship Management System is an open source PHP project. Sourcecodester Customer Relationship Management System CRM is vulnerable to SQL injection in v1.0, which can be exploited by attackers via the username field in "customer/login .php" in the username field to...
SQL Injection in forkcms/forkcms
Description When calling the url for deleting one or more tags, the parameter id is vulnerable for SQL injection. Proof of Concept Call an URL like this one as an authenticated user. http://forkcms.site/private/de/tags/massaction?token=n93e05rj0l&id=3;insert into usersemail,password,isgod values...
Sonicwall SonicOS 7.0 Host Header Injection
Exploit Title: Sonicwall SonicOS 7.0 - Host Header Injection Google Dork: inurl:"auth.html" intitle:"SonicWall" intitle:"SonicWall Analyzer Login" Discovered Date: 03/09/2020 Reported Date: 07/09/2020 Exploit Author: Ramikan Vendor Homepage:sonicwall.com Affected Devices: All SonicWall Next Gen 6...
Injection attack in Helm
...
Command injection
A command injection vulnerability in the web server of some Hikvision product. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands...
GamePress <= 1.1.0 - Reflected Cross-Site Scripting
The plugin does not escape the opedit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues. Affected pages: op=engines, op=perspectives, op=modes, op=genres, op=themes, op=platforms alert'xss'" document.test.submit;...
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Date: 16/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...
No Patch for High-Severity Bug in Legacy IBM System X Servers
Two legacy IBM System x server models, retired in 2019, are open to attack and will not receive security patches, according to hardware maker Lenovo. However, the company is offering workaround mitigation. The two models, IBM System x 3550 M3 and IBM System x 3650 M3, are both vulnerable to comma...
Cross-site Scripting (XSS) - Reflected in sbrl/pepperminty-wiki
Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...