Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)

Exploit Title: Royal Event Management System 1.0 - 'todate' SQL Injection Authenticated Date: 2022-26-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software Link:...

Microfinance Management System 1.0 SQL Injection

Exploit Title: Microfinance Management System 1.0 - 'customernumber' SQLi Date: 2022-25-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Software Link:...

Internet Bug Bounty: Use of uninitialized value of in req_parsebody method of lua_request.c

Software Versions Ubuntu - 18.04 64-bit Apache 2.4.51 - 64 bit Cause of Bug This bug is present in the reqparsebody method of luarequest.c file. Below mentioned lines of code cause this bug. cpp const char data; int i; sizet vlen = 0; sizet len = 0; if luareadbodyr, &data, aprofft &size,...

The Bug Report – October Edition

ARCHIVED STORY The Bug Report – October Edition By Douglas McKee · November 02, 2021 Your Cyber Security Comic Relief Figure 1. Apache server version 2.4.50 CVE-2021-42013 Why am I here? Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview ...