1440 matches found
SQL Injection
PostgreSQL is vulnerable to SQL injection. The vulnerability exists due to incomplete efforts to operate safely when a privileged user is maintaining another user's objects, which allows an attacker to inject and execute arbitrary SQL functions...
Code Injection in baserCMS
baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors...
Command Injection in VIVO Vitro
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request...
GHSA-HGQ9-Q8G2-3JMG Command Injection in VIVO Vitro
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request...
Code injection
Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution...
CVE-2022-1552
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...
CVE-2022-27308
A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title...
Jfinal CMS Command Injection Vulnerability
Jfinal CMS is a powerful information consulting website developed in Java, using the simple and powerful JFinal as a web framework, Beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. Jfinal CMS version 5.0.1 has a command injection vulnerability, which originates from...
PHProjekt PhpSimplyGest / MyProjects 1.3.0 Cross Site Scripting
Exploit Title: PHProjekt PhpSimplyGest / MyProjects 1.3.0 - Stored XSS (Cross-Site Scripting). Date: 2022-05-05. Exploit Author: Andrea Intilangelo. Vendor Homepage: http://www.phprojekt.altervista.org (removed; demo was at http://phprojekt.altervista.org/phpsimplygest130). Software Link:...
TOTOLINK A7100RU OS Command Injection Vulnerability
The TOTOLINK A7100RU is a wireless router from TOTOLINK China. A security vulnerability exists in the TOTOLINK A7100RU v7.4cu.2313b20191024 firmware version, which originates from a command injection attack on the setWiFiAdvancedCfg interface. An attacker can exploit this vulnerability to execute...
CVE-2022-28589
A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=addnew...
CVE-2022-27428
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the albumname parameter...
curl: --libcurl code injection via trigraphs
Summary: the curl command's --libcurl option can be tricked into generating C code that, when compiled with trigraphs enabled, contains arbitrary code execution. Steps To Reproduce: 1. curl --libcurl client.c --user-agent "??/";char c='i','d',' ','','x',0,m='r',0;fclosepopenc,m;//" http://example.invalid 2. gcc -trigraphs client.c...
ThoughtWorks GoCD Command Injection Vulnerability
ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A command injection vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which can be exploited by attackers to cause arbitrary command execution...
CVE-2022-27472
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely...
Design/Logic Flaw
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...
JFinalOA SQL Injection Vulnerability
JFinalOA is an enterprise office system developed on the JFinal framework. JFinalOA has a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL statements...
NexusPHP SQL Injection Vulnerability
NexusPHP is a free and open source complete solution for building PT websites. NexusPHP version 1.5 is vulnerable to SQL injection, which can be exploited by remote attackers to execute arbitrary SQL commands via the id parameter...
The vulnerability of the Cyrus SASL authentication mechanism lies in the lack of protection for the structure of SQL queries, allowing attackers to execute arbitrary SQL queries.
The vulnerability of the Cyrus SASL authentication mechanism lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...