EUVD-2023-35075

Malicious code in bioql PyPI...

CVE-2023-30711

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider...

CVE-2023-30711

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider...

CVE-2021-35232 Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...

DESTOON sql注入漏洞

简要描述： DESTOON sql注入漏洞 详细说明： 一枚二次注入,因为使用了dhtmlspecialchars导致防注入失效。可以任意数据。 先来看留言模块： \module\extend\comment.inc.php $item = $db-getone"SELECT title,linkurl,username,status FROM ".gettable$mid." WHERE itemid=$itemid"; //从数据库中取出对于模块的发布数据 $item or exit; $item'status' 2 or exit; $linkurl =...

Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol

Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...