482 matches found
Hospital Management Startup 1.0 - (Multiple) SQL injection Vulnerability
Exploit Title: Hospital Management Startup 1.0 - 'loginid' SQLi Exploit Author: nu11secur1ty Vendor: https://github.com/kabirkhyrul Software: https://github.com/kabirkhyrul/HMS CVE-2022-23366 Description: The loginid and password parameters from Hospital Management Startup 1.0 appear to be...
Design/Logic Flaw
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...
CVE-2022-0391
CVE-2022-0391 affects the Python urllib.parse.urlparse path handling, where input is not sanitized and allows literal CR/LF characters, enabling crafted URLs to trigger injection-like issues. Public docs (Python history, Debian LTS/DLA notes, Astra Linux bulletin) corroborate that the vulnerabili...
Mageia: Security Advisory (MGASA-2014-0488)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...
IBX-1392: Image filenames sanitization
ezsystems/ezpublish-kernel versions 7.5. before 7.5.26 are vulnerable to certain injection attacks and unauthorized access to some image files...
GHSA-44M4-9CJP-J587 IBX-1392: Image filenames sanitization
ezsystems/ezpublish-kernel versions 7.5. before 7.5.26 are vulnerable to certain injection attacks and unauthorized access to some image files...
What is API Abuse ❓ Prevention measures.
APIs are paramount for constructing a steadfast and constant communication bridge that empowers devices to pass-on desired information seamlessly. Hackers adopt many ways to exploit the APIs and corrupt the targeted device. This API exploitation is a potential threat to API security and needs...
What is API Abuse ❓ Prevention measures.
APIs are paramount for constructing a steadfast and constant communication bridge that empowers devices to pass-on desired information seamlessly. Hackers adopt many ways to exploit the APIs and corrupt the targeted device. This API exploitation is a potential threat to API security and needs...
Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2021-1775)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1775 advisory. - Bug 1914396 - CVE-2021-20179 pki-core:10.6/pki-core: Unprivileged users can renew any certificate - CVE-2020-1695: Improper validation of response header in...
CVE-2021-34712
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...
Cross-site Scripting (XSS) - Reflected in zikula/core
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept // PoC.js POST /categories/admin/category/contextMenu HTTP/2 Host: demo.ziku.la Cookie: zsid=a9b37grip4in2kp0j6kaugdvrh...
GHSA-9CX9-X2GP-9QVH CRLF vulnerability in Fiber
Impact The filename that is given in c.Attachment is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to...
Cisco Small Business Input Validation Error Vulnerability (CNVD-2021-37125)
Cisco Small Business is a switch from the American company Cisco Cisco. Cisco Small Business suffers from an Input Validation Error vulnerability that originates from an incorrect validation provided to the user. An attacker could exploit this vulnerability to perform command injection for attack...
Cisco Small Business Input Validation Error Vulnerability (CNVD-2021-37127)
Cisco Small Business is a switch from the American company Cisco Cisco. Cisco Small Business suffers from an Input Validation Error vulnerability that originates from an incorrect validation provided to the user. An attacker could exploit this vulnerability to perform command injection for attack...
SQL Injection in akshayp282/quizx
✍️ Description Course deletion on the teacher portal is vulnerable to SQL injection. This will allow a user to run arbitrary SQL queries and completely erase, export or change all information in the database - potentially rendering the entire platform unusable. 🕵️♂️ Proof of Concept - Log in to...
EulerOS 2.0 SP3 : xdg-utils (EulerOS-SA-2021-1861)
According to the version of the xdg-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER...
Backport for CVE-2021-21024 Blind SQLi from Magento 2
Impact This vulnerability allows an administrator unauthorized access to restricted resources. We fixed a vulnerability in the MySQL adapter to prevent SQL injection attacks. This is a backport of CVE-2021-21024 https://helpx.adobe.com/security/products/magento/apsb21-08.html. Patches Has the...
CVE-2021-1349
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management...
Input validation
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management...