
764 matches found

RedhatCVE
added 2025/02/05 7:1 a.m. · 4 views

CVE-2024-32979

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL...

CVSS 7.5 · AI score 6.5 · EPSS 0.00491
Exploits 0 · References 1

OSV
added 2025/01/21 9:15 p.m. · 1 view

UBUNTU-CVE-2025-21519

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

CVSS 4.4 · AI score 7.2 · EPSS 0.00828
Exploits 0 · References 4

Metasploit
added 2025/01/09 6:57 p.m. · 553 views

Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password

Pandora FMS is a monitoring solution that provides full observability for your organization's technology. This module exploits a command injection vulnerability in the LDAP authentication mechanism of Pandora FMS. You need to have admin access to the Pandora FMS Web application in order to execute...

CVSS 9.8 · AI score 9.4 · EPSS 0.90511
Exploits 2

CNNVD
added 2025/01/07 12:0 a.m. · 2 views

ID withdrawn

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...

AI score 6.8
Exploits 0 · References 3

GithubExploit
added 2024/12/19 2:15 p.m. · 108 views

Exploit for CVE-2024-12025

CVE-2024-12025 Collapsing Categories = 5.0 AND error-based - W...

CVSS 7.5 · AI score 9.6 · EPSS 0.02542
Exploits 1

BDU FSTEC
added 2024/11/15 12:0 a.m. · 4 views

Vulnerability of the Client component: mysqldump, a client for the MySQL database management system, allows an attacker to gain unauthorized access to protected information.

The vulnerability of the Client component, mysqldump, in the MySQL database management system involves insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the MySQL network...

CVSS 2.1 · AI score 6.6 · EPSS 0.00602
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2024/10/23 12:0 a.m. · 4 views

The vulnerability of the InnoDB component of the MySQL Database Server, which allows a hacker to cause a service failure

The vulnerability of the InnoDB component in the MySQL Database Management System is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures using the MySQL protocol...

CVSS 6.8 · AI score 6.7 · EPSS 0.01022
Exploits 0 · References 6 · Affected Software 1

Packet Storm
added 2024/10/15 12:0 a.m. · 431 views

Dolibarr 20.0.1 SQL Injection

Titles: dolibarr 20.0.1 Multiple security token SQLi Author: nu11secur1ty Date: 10/15/2024 Vendor: https://www.dolibarr.org/ Software: https://www.dolibarr.org/downloads.php Reference: https://portswigger.net/web-security/sql-injection Description: The socid parameter appears to be vulnerable to...

AI score 7.4
Exploits 0

Packet Storm
added 2024/09/06 12:0 a.m. · 312 views

C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection

Advisory ID: SYSS-2024-023 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: -...

CVSS 8.1 · AI score 7.1 · EPSS 0.01306
Exploits 2

RedHat Linux
added 2024/09/05 2:13 p.m. · 3 views

python-social-auth: Improper Handling of Case Sensitivity in social-auth-app-django

A flaw was found in social-auth-app-django. In affected versions of this package, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match...

CVSS 4.9 · AI score 5.7 · EPSS 0.00581
Exploits 0 · References 5

NVD
added 2024/09/04 5:15 p.m. · 11 views

CVE-2024-45174

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...

CVSS 8.1 · EPSS 0.01306
Exploits 2 · References 3

Vulnrichment
added 2024/09/04 12:0 a.m. · 11 views

CVE-2024-45174

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...

AI score 8.5 · EPSS 0.01306
Exploits 2 · References 2

Cvelist
added 2024/09/04 12:0 a.m. · 11 views

CVE-2024-45174

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...

EPSS 0.01306
Exploits 2 · References 2

Positive Technologies
added 2024/09/04 12:0 a.m. · 3 views

PT-2024-31458 · Za Internet · Za-Internet C-Mor Video Surveillance

Name of the Vulnerable Software and Affected Versions: za-internet C-MOR Video Surveillance versions 5.2401 through 6.00PL01 Description: An issue was discovered due to improper validation of user-supplied data, making different functionalities of the C-MOR web interface vulnerable to SQL injecti...

CVSS 8.1 · AI score 8.3 · EPSS 0.01306
Exploits 2 · References 7

CVE
added 2024/09/04 12:0 a.m. · 49 views

CVE-2024-45174

CVE-2024-45174 affects za-internet C-MOR Video Surveillance versions 5.2401–6.00PL01. The issue is an SQL injection in the web interface caused by improper validation of user-supplied data, enabling an authenticated user to execute arbitrary SQL commands in the MySQL database. CVSSv3.1 base score...

CVSS 8.1 · AI score 8.5 · EPSS 0.01306
Exploits 2 · References 3 · Affected Software 1

CNNVD
added 2024/08/15 12:0 a.m. · 5 views

CodeAstro Online Railway Reservation System Cross-Site Scripting Vulnerability

CodeAstro Online Railway Reservation System is a full-featured CodeAstro project based on the Online Railway Reservation System project, which uses PHP language and MySQL database. A cross-site scripting vulnerability exists in CodeAstro Online Railway Reservation System version 1.0, which stems...

CVSS 5.1 · AI score 3.8 · EPSS 0.00395
Exploits 1 · References 4

BDU FSTEC
added 2024/07/22 12:0 a.m. · 4 views

The vulnerability of the InnoDB component of the MySQL Database Server, which allows a hacker to cause a service failure

The vulnerability of the InnoDB component of the MySQL Database Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 6.8 · AI score 6.5 · EPSS 0.0085
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/07/16 7:15 p.m. · 1 view

CVE-2024-40392

SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php...

CVSS 9.8 · AI score 5.8 · EPSS 0.00502
Exploits 1 · References 1

Imperva Blog
added 2024/06/26 5:3 p.m. · 24 views

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

AI score 7
Exploits 0

BDU FSTEC
added 2024/05/24 12:0 a.m. · 4 views

Vulnerability of the Server component: The Optimizer component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the Oracle MySQL Server component of the database management system’s optimizer is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

CVSS 6.8 · AI score 6.1 · EPSS 0.00891
Exploits 0 · References 4 · Affected Software 1