318 matches found
CVE-2021-46445
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?boxgroupid...
Xiuno BBS Cross-Site Scripting Vulnerability (CNVD-2021-85272)
Xiuno BBS is an open source forum program based on PHP and MySQL. Xiuno BBS suffers from a cross-site scripting vulnerability that stems from the product's installinstall.sql component failing to properly validate user input data. An attacker can execute arbitrary web script and HTML by modifying...
PT-2021-7498 · Mariadb +10 · Mariadb Server +10
Name of the Vulnerable Software and Affected Versions: MariaDB Server versions 10.6 and below Description: An issue in the component Field::set default of MariaDB Server was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements. The vulnerability is...
PT-2021-7501 · Mariadb +10 · Mariadb Server +10
Name of the Vulnerable Software and Affected Versions: MariaDB Server versions 10.6.3 and below Description: An issue in the component my decimal::operator= of MariaDB Server was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements. The vulnerability...
ECSIMAGING PACS 6.21.5 SQL Injection
Exploit Title: ECSIMAGING PACS 6.21.5 - SQL injection Date: 06/01/2021 Exploit Author: shoxxdj Vendor Homepage: https://www.medicalexpo.fr/ Version: 6.21.5 and bellow tested on 6.21.5,6.21.3 Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and bellow suffers from SQLinjection vulnerability...
PT-2020-6771 · Zyxel · Zyxel Cloudcnm Secumanager
Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue is related to a lack of protection for the SQL query structure in the Zyxel CloudCNM SecuManager software. This can be exploited by a remote attacker to gain...
CVE-2019-20858
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service CPU consumption via crafted characters in a SQL LIKE clause to an APIv4 endpoint...
Concrete CMS: Time-base SQL Injection in Search Users
Description ===================== I've identified an SQL injection vulnerability in the website labs.data.gov that affects the endpoint /index.php/dashboard/users/search and can be exploited via the fSearchDefaultSortDirection param. I didn't extract any data from the database, I've confirmed the...
PT-2019-6079
Name of the Vulnerable Software and Affected Versions SonicWall SMA100 versions 9.0.0.3 and earlier Description The issue allows an unauthenticated user to gain read-only access to unauthorized resources. It is related to a lack of protection measures for the SQL query structure, which can be...
Agent Tesla Botnet - Arbitrary Code Execution Exploit
Agent Tesla Botnet - Arbitrary Code Execution import requests import argparse import base64 Agent Tesla C2 RCE by prsecurity For research purposes only. Don't pwn what you don't own. def getargs: parser = argparse.ArgumentParser prog="agentteslasploit.py", formatterclass=lambda prog:...
Azorult Botnet - SQL Injection Exploit
Azorult Botnet - SQL Injection import requests import argparse import base64 Azorult 3.3.1 C2 SQLi by prsecurity For research purposes only. Don't pwn what you don't own. change GUID and XOR key to specific beacon, can be extracted from a sample guid =...
Agent Tesla Botnet Arbitrary Code Execution
import requests import argparse import base64 Agent Tesla C2 RCE by prsecurity For research purposes only. Don't pwn what you don't own. def getargs: parser = argparse.ArgumentParser prog="agentteslasploit.py", formatterclass=lambda prog: argparse.HelpFormatterprog, maxhelpposition=50, epilog= ''...
@arkecosystem/core (>=2.1.0 <=2.7.26), @arkecosystem/core-database-postgres (>=0.2.0 <=2.7.26) +221 more potentially affected by unknown CVE via sql (>=0.0.5 <=0.78.0)
sql NPM version =0.0.5, =2.1.0, =0.2.0, =2.4.0, =0.1.0, =2.1.0, =1.0.0, =1.0.0, =2.0.0-alpha.1, =2.0.0-pre.12, =2.0.0-alpha.1, =1.0.0, =0.20.1, =0.4.4, =1.1.0, =1.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8F93-RV4P-X4JW...
SS-2018-020: Potential SQL vulnerability in PostgreSQL database connector
More info at https://www.silverstripe.org/download/security-releases/ss-2018-020/...
Joomla! Dutch Auction Factory 2.0.2 SQL Injection
Exploit Title: Joomla! Component Dutch Auction Factory 2.0.2 - 'filterorderDir' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...
hostel365.com.br Improper Access Control vulnerability
Open Bug Bounty ID: OBB-654649 Description| Value ---|--- Affected Website:| hostel365.com.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
OPENSUSE-SU-2018:1059-1 Security update for phpMyAdmin
This update for phpMyAdmin to version 4.8.0.1 fixes the following issues: - CVE-2018-10188: Possible execution of arbitrary SQL statements via manipulated URLs boo1090309 This version also contains a number of upstream changes, improvements, new functions and bug fixes...
capitolcardiology.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-593766 Description| Value ---|--- Affected Website:| capitolcardiology.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
flergalicious.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-593080 Description| Value ---|--- Affected Website:| flergalicious.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
EUVD-2017-3126
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...