CVE-2019-25439 NoviSmart CMS SQL Injection via Referer HTTP Header

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...

Towards Privacy-Preserving and Personalized Smart Homes Via Tailored Small Language Models

Large Language Models LLMs have showcased remarkable generalizability in language comprehension and hold significant potential to revolutionize human-computer interaction in smart homes. Existing LLM-based smart home assistants typically transmit user commands, along with user profiles and home...

PT-2025-37376

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description The Chamilo learning management system has an OS Command Injection issue. This occurs due to a failure to neutralize special elements used in the operating system command. Successful exploitation...

VulnCheck KEV: CVE-2019-4061

IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869...

SUSE CVE-2007-2925

The default access control lists ACL in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache...

SUSE CVE-2013-7423

The senddg function in resolv/ressend.c in GNU C Library aka glibc or libc6 before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function...

PT-2019-16872 · Ibm · Ibm Bigfix Platform

Name of the Vulnerable Software and Affected Versions: IBM BigFix Platform versions 9.2 through 9.5 Description: The issue allows an attacker to remotely query the relay and gather information about updates and fixlets deployed to associated sites due to the lack of authenticated access...

MyBB 1.8.1 Cross Site Scripting / SQL Injection

Title: MyBB 1.8.X - Multiple Vulnerabilities Date: 13.11.2014 Tested on: Linux / Apache 2.2 / PHP 5 localhost Vendor: mybb.com Version: = 1.8.1 - Latest ATM Contact: [email protected] Author: Smash Latest MyBB forum software suffers on multiple vulnerabilities, including SQL Injection and Cross...

DEBIAN-CVE-2007-2925

The default access control lists ACL in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache...

CVE-2006-4562

The proxy DNS service in Symantec Gateway Security SGS allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on th...

PT-2006-5355 · Symantec · Symantec Gateway Security

Name of the Vulnerable Software and Affected Versions: Symantec Gateway Security SGS affected versions not specified Description: The issue allows remote attackers to make arbitrary DNS queries to third-party DNS servers while hiding the source IP address of the attacker. It is related to the pro...