6 matches found
CVE-2026-48842
The CVE affects Roundcube Webmail 1.6.x ≤1.6.15 and 1.7.x ≤1.7.0, via the virtuser_query plugin, where a pre-authentication SQL injection is triggered by a backslash-escaped preg_replace() bypass. Root cause: input crafted to bypass escapes leads to SQL injection before authentication. Impact is ...
CVE-2022-43462
Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin = 5.00 versions...
OPENSUSE-SU-2020:1806-1 Security update for phpMyAdmin
This update for phpMyAdmin fixes the following issues: phpMyAdmin was updated to 4.9.7 boo1177842: Fix two factor authentication that was broken in 4.9.6. Fix incompatibilities with older PHP versions. Update to 4.9.6: - Fixed XSS relating to the transformation feature boo1177561 CVE-2020-26934,...
Travel Management System 1.0 Remote Code Execution Exploit
Exploit for php platform in category web applications. Exploit Title: Travel Management System v1.0 - Unauthenticated Remote Code Execution; Exploit Author: Adeeb Shah @hyd3sec & Bobby Cooke boku; Vulnerability Discovery: Adeeb Shah @hyd3sec; Date: August 10, 2020; Vendor Homepage:...
HP's Zero Day Initiative Changes Bug-Buying Guidelines
HP’s Zero Day Initiative has decided to adjust its guidelines and criteria for buying some vulnerabilities in the future, eliminating some large classes of bugs from its menu. The group, which has been among the more visible and prominent of the vulnerability purchasing programs since its inceptio...
Password Protect XSS and SQL-Injection vulnerabilities.
CRIOLABS - Software: Password protect - Type: User Authentication - Company: Web Animations - Date: 30-8-2004. Software: Password protect; Versions: All; Language: ASP; Platforms: Win nt, 2000, xp; Web: http://www.webanimations.com.au/ The ultimate protection including unlimited user names a...