15 matches found
WeGIA 3.5.0 SQL Injection
Proof of concept remote SQL injection exploit for WeGIA versions 3.5.0 and below. Exploit Title: WeGIA 3.5.0 - SQL Injection; Date: 2025-10-14; Exploit Author: Onur Demir OnurDemir-Dev; Vendor Homepage: https://www.wegia.org; Software Link: https://github.com/LabRedesCefetRJ/WeGIA/; Version: " echo...
CVE-2023-50441
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which...
PT-2025-47450
Name of the Vulnerable Software and Affected Versions: Apache Causeway (affected versions not specified). Description: Apache Causeway is susceptible to Java deserialization issues that can lead to remote code execution (RCE). Exploitation occurs through user-controllable URL parameters. Authenticated...
CVE-2025-61604
WeGIA CSRF in delete operation (Almoxarifado) affects versions 3.4.12 and earlier of WeGIA, where the delete endpoint is exposed via HTTP GET without CSRF protection, allowing an attacker to trigger actions using a victim’s authenticated session. This vulnerability is fixed in version 3.5.0. Impa...
PT-2025-40424
Name of the Vulnerable Software and Affected Versions: WeGIA versions 3.4.12 and below. Description: WeGIA is a Web manager for charitable institutions. A SQL Injection issue exists in the /controle/control.php endpoint, specifically in the descricao parameter. This allows attackers to execute...
PT-2025-39349
Name of the Vulnerable Software and Affected Versions: fast-redact versions prior to 3.5.0. Description: A Prototype Pollution issue exists in the nestedRestore function of fast-redact. Attackers can inject properties onto Object.prototype by providing a crafted payload. This can lead to a denial of...
Shibboleth Service Provider Security Vulnerability
Shibboleth Service Provider is a single sign-on framework from Shibboleth UK. A security vulnerability exists in Shibboleth Service Provider 3.5.0 and earlier versions, which stems from a SQL injection in the ID attribute of a SAML response, which could lead to the disclosure of database...
WordPress SSL Wireless SMS Notification Plugin <= 3.5.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin SSL Wireless SMS Notification versions <= 3.5.0...
CVE-2022-35029
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea...
Jsish Resource Management Error Vulnerability
Jsish is a small JavaScript parser written in C with a built-in database. A security vulnerability exists in Jsish v3.5.0 that could lead to a Denial of Service (DoS)...
Jsish Buffer Error Vulnerability
Jsish is a small JavaScript parser with a built-in database written in C. A security vulnerability exists in Jsish v3.5.0, which could lead to a denial of service (DoS)...
WordPress NextGEN Gallery plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. all-in-one-wp-security-and-firewall is a website security plugin used in it. NextGEN Gallery is an image gallery plugin used...
HPE 3PAR StoreServ Management Console Authorization Bypass Vulnerability
The HPE 3PAR StoreServ Management Console (SSMC) is an HPE 3PAR management and reporting console that provides converged file and block management on HPE 3PAR StoreServ storage systems. An authorization bypass vulnerability exists in HPE 3PAR StoreServ Management Console 3.5.0. An attacker could...
Liblouis stack buffer overflow vulnerability (CNVD-2018-11258)
Liblouis is an open-source Braille translator written in C. It is very easy to use. A stack buffer overflow vulnerability exists in the 'compileHyphenation' function of the compileTranslationTable.c file in Liblouis version 3.5.0. An attacker can exploit this vulnerability to...
YARA Denial of Service Vulnerability (CNVD-2017-08107)
YARA is a set of tools used to help software researchers identify and categorize malware samples. The regex component is one of its regular expression components. A security vulnerability exists in the libyara/grammar.y file in YARA 3.5.0. A remote attacker could exploit this vulnerability to cause a...