678 matches found
CVE-2024-45174
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...
CVE-2024-45174
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...
CVE-2024-45174
CVE-2024-45174 affects za-internet C-MOR Video Surveillance versions 5.2401–6.00PL01. The issue is an SQL injection in the web interface caused by improper validation of user-supplied data, enabling an authenticated user to execute arbitrary SQL commands in the MySQL database. CVSSv3.1 base score...
CVE-2024-45174
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...
PT-2024-31458 · Za Internet · Za-Internet C-Mor Video Surveillance
Name of the Vulnerable Software and Affected Versions: za-internet C-MOR Video Surveillance versions 5.2401 through 6.00PL01 Description: An issue was discovered due to improper validation of user-supplied data, making different functionalities of the C-MOR web interface vulnerable to SQL injecti...
CodeAstro Online Railway Reservation System Cross-Site Scripting Vulnerability
CodeAstro Online Railway Reservation System is a full-featured CodeAstro project based on the Online Railway Reservation System project, which uses PHP language and MySQL database. A cross-site scripting vulnerability exists in CodeAstro Online Railway Reservation System version 1.0, which stems...
CVE-2024-40392
SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php...
Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2
Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...
CVE-2023-51588
Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute...
mysql: Server: DML unspecified vulnerability (CPU Apr 2024)
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: DML. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability ...
WordPress Plugin RegistrationMagic Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress...
Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)
Apache Zeppelin is a Web-based open source notebook application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a code injection vulnerability that stems from the application's failure to properly filter...
GHSA-66J8-C83M-GJ5F Apache Zeppelin remote code execution by adding malicious JDBC connection string
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to versio...
CVE-2024-31864
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to versio...
CVE-2024-31864 Apache Zeppelin: Remote code execution by adding malicious JDBC connection string
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to versio...
CVE-2024-31864 Apache Zeppelin: Remote code execution by adding malicious JDBC connection string
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to versio...
CVE-2024-31864
CVE-2024-31864 affects Apache Zeppelin prior to 0.11.1, enabling code injection when establishing a MySQL JDBC connection. The issue is described as improper control of generation of code, with a CVSS v3.1 base score of 9.8 (Network, HIGH impact on confidentiality, integrity, and availability). T...
ID Withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...
PT-2024-24252 · Apache · Apache Zeppelin
Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions prior to 0.11.1 Description: The issue is related to improper control of code generation, allowing an attacker to inject sensitive configuration or malicious code when connecting to a MySQL database via a JDBC driver...
Teacher Subject Allocation Management System 1.0 SQL Injection
Exploit Title: Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi Date: 2023-11-15 Exploit Author: Ersin Erenler Vendor Homepage: https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql Software Link:...