1149 matches found
Important: systemd
Issue Overview: It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINEMAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the...
MTN Group: Cross-site Scripting (XSS) - Reflected
Hello dear support, Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates...
safe FME Server Cross-Site Scripting Vulnerability
safe FME Server is a web data conversion application from safe (Canada). A security vulnerability exists in safe FME Server that allows remote attackers to gain administrator privileges via the login page by injecting arbitrary web script or HTML...
TYPO3 Dynamic Content Element SQL Injection Vulnerability
TYPO3 Dynamic Content Element is a mobile application from the Swiss company TYPO3. TYPO3 Dynamic Content Element has a SQL injection vulnerability, which stems from insufficient filtering of user-supplied data and can be exploited by attackers to inject SQL and obtain sensitive data...
Design/Logic Flaw
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabri...
CVE-2021-23276
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the database...
Prototype Pollution
changeset is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as `__proto__`, `constructor` and `prototype`...
OwnCloud Injection Vulnerability
OwnCloud is a suite of personal cloud storage solutions from OwnCloud USA. An injection vulnerability exists in OwnCloud client versions prior to 2.7, which can be exploited by an attacker to load development plugins from certain directories using the desktop client...
CVE-2021-27124
SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack...
Ubuntu: Security Advisory (USN-4736-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-4736-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2020-26976,...
CVE-2021-21479
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute a Java expression, compromising the availability and integrity of the system...
Doctor Appointment System SQL Injection Vulnerability
Sourcecodesterk Doctor Appointment System is an open source application from Sourcecodesterk that provides an appointment booking function. Sourcecodesterk Doctor Appointment System version 1.0 contains a SQL injection vulnerability, which stems from the program not adequately filtering the searchresult.ph...
CVE-2021-21303 Injection attack in Helm
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there are a few cases where data loaded from potentially untrusted...
RockOA SQL Injection Vulnerability
RockOA (Xinhuo) is an open source office automation (OA) system. RockOA v1.8.7 contains a SQL injection vulnerability: user input in the parameters of wwordAction.php is not effectively filtered, and a remote attacker can inject SQL statements to execute access t...
CVE-2021-3278
Local Service Search Engine Management System 1.0 has an authentication bypass vulnerability via SQL injection. Using this vulnerability, an attacker can bypass the login page...
CVE-2020-35723
CVE-2020-35723: Reflected XSS in Quest Policy Authority (version 8.1.2.200) allows remote attackers to inject code via a crafted link to ReportPreview.do using the referer parameter. The vulnerability affects products no longer supported by the maintainer. Connected sources report no official fi...
Exploit for Code Injection in Microfocus Arcsight_Logger
CVE-2020-11851 Remote Code Execution vulnerability on ArcSig...
0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)
0d1n is a tool for automating customized attacks against web applications. This tool is very fast because it uses a thread pool and is written in C. Video demo: Tool functions: Brute force login and passwords in auth forms Directo...
Spiceworks 7.5 HTTP Header Injection
Exploit Title: Spiceworks 7.5 - HTTP Header Injection; Google Dork: inurl:/prousers/login; Discovered Date: 15/09/2020; Exploit Author: Ramikan; Vendor Homepage: https://www.spiceworks.com; Affected Version: 7.5.7.0 (may be others); Tested On Version: 7.5.7.0; CVE: CVE-2020-25901; Vulnerability: Host...