7375 matches found
PHPGurukul Human Metapneumovirus Testing Management System 注入漏洞
Human Metapneumovirus Testing Management System is a human subpneumovirus testing management system. The Human Metapneumovirus Testing Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter state...
CVE-2025-5693
CVE-2025-5693 affects PHPGurukul Human Metapneumovirus Testing Management System v1.0. The vulnerability is in the file /bwdates-report-result.php where manipulation of the fromdate/todate parameters leads to SQL injection. The issue is exploitable remotely and is publicly disclosed in the source...
Exploit for CVE-2024-42049
CVE-2024-42049-PoC CVE Details - https://nvd.nist.gov/vuln...
Exploit for Missing Authorization in Gitlab
CVE-2023-5612 – GitLab SSRF via Webhook URL PoC & Analysis...
PHPGurukul Human Metapneumovirus Testing Management System 注入漏洞
Human Metapneumovirus Testing Management System is a human subpneumovirus testing management system. Human Metapneumovirus Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the fromdate/todate parameter in the file...
PHPGurukul Human Metapneumovirus Testing Management System 注入漏洞
Human Metapneumovirus Testing Management System is a human subpneumovirus testing management system. The Human Metapneumovirus Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter...
Hello, Won'T You Tell Me Your Name?: Investigating Anonymity Abuse in IPFS
The InterPlanetary File SystemIPFS offers a decentralized approach to file storage and sharing, promising resilience and efficiency while also realizing the Web3 paradigm. Simultaneously, the offered anonymity raises significant questions about potential misuse. In this study, we explore methods...
Grafana 11.5.x < 11.5.4 Cross-site Scripting
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.18, or 11.2.x earlier than 11.2.9, or 11.3.x earlier than 11.3.6, or 11.4.x earlier than 11.4.4, or 11.5.x earlier than 11.5.4, or 11.6.x earlier than 11.6.1. It is, therefore, affected by a...
Grafana 10.0.x < 10.0.11 Incorrect Authorization
According to its self-reported version, the Grafana install hosted on the remote host is 9.5.x earlier than 9.5.16, or 10.0.x earlier than 10.0.11, or 10.1.x earlier than 10.1.7, or 10.2.x earlier than 10.2.4, or 10.3.x earlier than 10.3.3. It is, therefore, affected by a incorrect authorization...
Grafana 11.2.x < 11.2.9 Cross-site Scripting
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.18, or 11.2.x earlier than 11.2.9, or 11.3.x earlier than 11.3.6, or 11.4.x earlier than 11.4.4, or 11.5.x earlier than 11.5.4, or 11.6.x earlier than 11.6.1. It is, therefore, affected by a...
UBUNTU-CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
Exploit for Code Injection in Grafana
🚨 CVE-2024-9264 - Grafana SQL injection leading to Remote Code...
ConnectWise ScreenConnect < 25.2.4 RCE
According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 25.2.4. It is, therefore affected by a remote code execution vulnerability: - ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection...
Randextract: a Reference Library to Test and Validate Privacy Amplification Implementations
Quantum cryptographic protocols do not rely only on quantum-physical resources, they also require reliable classical communication and computation. In particular, the secrecy of any quantum key distribution protocol critically depends on the correct execution of the privacy amplification step. Th...
Evaluating the Security Efficacy of Web Application Firewalls (WAFs)
Web Application Firewalls WAFs are now a staple in defending web-facing applications and APIs, acting as specialized filters to block malicious traffic before it ever reaches your systems. But simply deploying a WAF isn’t enough, the real challenge is knowing whether it works when it matters most...
CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)
In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server versions 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution RCE against the device as the root user. While...
An Advanced Cyber-Physical System Security Testbed for Substation Automation
A Cyber-Physical System CPS testbed serves as a powerful platform for testing and validating cyber intrusion detection and mitigation strategies in substations. This study presents the design and development of a CPS testbed that can effectively assess the real-time dynamics of a substation. Cybe...
Exploit for OS Command Injection in Php
CVE-2024-4577 취약점 테스트 스크립트 이 Python 스크립트는 PHP의 최신 취약점인 CVE-...
CVE-2025-46804
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...
Exploit for CVE-2025-2783
ChromSploit Framework v2.2 🚀 !Python Versionhttps://img...