
10 matches found

Github Security Blog
added 2026/02/02 8:25 p.m. · 6 views

terraform-provider-proxmox has insecure sudo recommendation in the documentation

Note: It is uncertain whether this constitutes a vulnerability or should be filed as an issue instead. Summary In the SSH configuration documentation, the sudoer line that was suggested can be escalated to edit any files in the system. Details The following line were suggested for addition in the...

8.7 CVSS · 5.6 AI score · 0.0003 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2024/12/16 12:0 a.m. · 6 views

PT-2024-36628 · Unknown · Site Intel

Name of the Vulnerable Software and Affected Versions: Critical Site Intel versions n/a through 1.0 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This allows for SQL Injection, which can be exploited...

9.3 CVSS · 7.6 AI score · 0.35849 EPSS
Exploits 2 · References 5
Positive Technologies
added 2024/11/09 12:0 a.m. · 3 views

PT-2024-34744 · Unknown · Simple Job Manager

Name of the Vulnerable Software and Affected Versions: Simple Job Manager versions n/a through 1.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations:...

8.5 CVSS · 8.2 AI score · 0.00324 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/03/29 12:0 a.m. · 0 views

PT-2024-14897

Name of the Vulnerable Software and Affected Versions Egehan Security WebPDKS versions through 20240329 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. The vendor w...

9.8 CVSS · 5.9 AI score · 0.00117 EPSS
Exploits 0 · References 9
Positive Technologies
added 2023/12/29 12:0 a.m. · 2 views

PT-2023-29549 · Ween · Ween Software Admin Panel

Name of the Vulnerable Software and Affected Versions: Ween Software Admin Panel versions through 20231229 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. The vend...

9.8 CVSS · 9.5 AI score · 0.00186 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/11/06 12:0 a.m. · 2 views

PT-2023-21934 · Unknown · Biztechc Copy/Move Comments

Name of the Vulnerable Software and Affected Versions: biztechc Copy or Move Comments versions n/a through 5.0.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

9.8 CVSS · 9.2 AI score · 0.00147 EPSS
Exploits 0 · References 4
Debian CVE
added 2021/10/04 5:30 p.m. · 40 views

CVE-2021-32626

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

8.8 CVSS · 8.2 AI score · 0.01172 EPSS
Exploits 0
Positive Technologies
added 2015/05/18 12:0 a.m. · 9 views

PT-2015-1244

Name of the Vulnerable Software and Affected Versions ProFTPD version 1.3.5 Description The issue allows remote attackers to read and write to arbitrary files. This is achieved via the site cpfr and site cpto commands, which are part of the mod copy module in the ProFTPD FTP server. Recommendatio...

10 CVSS · 7.6 AI score · 0.93681 EPSS
Exploits 31 · References 59
Positive Technologies
added 2006/09/26 12:0 a.m. · 1 views

PT-2006-5741 · Ipswitch · Ws Ftp Server

Name of the Vulnerable Software and Affected Versions: WS FTP Server versions 5.0 through 5.05 before Hotfix 1 Description: Multiple buffer overflows have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. Recommendations: For WS FTP Server versio...

6.5 CVSS · 7.4 AI score · 0.79068 EPSS
Exploits 1 · References 9
CERT
added 2000/12/22 12:0 a.m. · 26 views

Input validation error in quikstore.cgi allows attackers to execute commands

Overview The quikstore shopping cart script contains an input validation error that allows attackers to execute commands on affected web servers. Description The quikstore.cgi script is written in Perl and provides its users with shopping cart software for e-commerce transactions. In November 200...

5 CVSS · 7 AI score · 0.01964 EPSS
Exploits 0 · References 3