32 matches found
CVE-2024-1738
An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization's evaluation by simply knowing the evaluation...
The vulnerability of the lwp_forgot_password function in the “Login with Phone Number” plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the lwp_forgot_password function in the “Login with Phone Number” plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remote...
The vulnerability in the nagiosxi/includes/comComponents/ccm/index.php script of the Nagios XI monitoring tool allows an attacker to execute arbitrary code.
The vulnerability in the nagiosxi/includes/comComponents/ccm/index.php script of the Core Configuration Manager monitoring tool for Nagios XI is related to the lack of security measures taken to protect the SQL query structure when processing parameters tfFirstNotif, tfLastNotif, and...
CVE-2022-1578 My wpdb < 2.5 - Arbitrary SQL Query via CSRF
The My wpdb WordPress plugin before 2.5 is missing a CSRF check when running SQL queries, which could allow an attacker to make a logged-in admin run an arbitrary SQL query via a CSRF attack...
The vulnerability of the SolarWinds Orion Platform’s network monitoring software lies in the lack of security measures for SQL query structures, allowing attackers to elevate their privileges to administrator levels.
The vulnerability of the SolarWinds Orion Platform’s network monitoring software lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to elevate their privileges to an administrative level remotely...
CVE-2020-15621
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the email parameter, the...
The vulnerability of the NVBUJobHistory Get request handler in the NetVault Backup software allows an attacker to execute arbitrary code.
The vulnerability of the NVBUJobHistory Get request handler in the NetVault Backup software for data archiving and restoration is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
CVE-2017-17416
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue...
CVE-2017-17652
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results fr...
Reset any user's password in VBZoom forums
Name: VBZoom Version Affected: tested on v1.01, maybe other versions vulnerable also Severity: Critical Category: Password reset Vendor URL: http://www.vbzoom.com Author: hishhish [email protected] Date: disclosed on 28th August 2002 Published on 8th Oct 2002 Description VBZooM is bulletin...
CVE-2001-1226
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database...
TWIG SQL query bugs
I can't find the person who is really in charge of developing twig, so I mailed about this bug to the person who announced the new version of twig about two months ago. -------------------------------------------------------------------------- Subject: Unquoted SQL query = potential damage Software package:...