20 matches found
CVE-2025-65020
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...
CVE-2025-65034 Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and...
CVE-2025-65020 Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...
EUVD-2006-1221
Malware in sbrugna...
EUVD-2005-3740
Malware in sbrugna...
EUVD-2008-4745
Malware in sbrugna...
EUVD-2008-6813
Malware in sbrugna...
CVE-2013-1400
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or pollid parameter in a viewPollResults or userlogs action...
CVE-2020-24315
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database...
PT-2020-15680 · Vinoj Cardoza · Vinoj Cardoza WordPress Poll Plugin
Name of the Vulnerable Software and Affected Versions: Vinoj Cardoza WordPress Poll Plugin versions prior to v37 Description: The issue allows users to execute SQL statements by crafting specific input, potentially leading to the dumping of the entire target's database. This is due to a lack of...
WordPress Plugin Simply Poll SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it lets users set up a personal blog site on a server that supports PHP and MySQL. A SQL injection vulnerability exists in the pollid parameter of the Simply Poll admin-ajax.php page of the...
CVE-2008-6853
SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter...
SQL injection
SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter...
SQL injection
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect...
CVE-2008-4765
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect...
CVE-2008-4765
CVE-2008-4765 describes a SQL injection vulnerability in the osCommerce Poll Booth Add-On 2.0, specifically in pollBooth.php. The issue allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. The vulnerability stems from unsafely handling the pol...
CVE-2008-0498
SQL injection vulnerability in mainbigware53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to mainbigware53.php...
SQL injection
SQL injection vulnerability in mainbigware53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to mainbigware53.php...
CVE-2007-4184
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter...
CVE-2006-1217
SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php...