
17 matches found

CNNVD
added 2026/03/25 12:0 a.m. | 4 views

WordPress plugin WZone SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.5 CVSS | 5.9 AI score | 0.00253 EPSS
Exploits 0 | References 1
CNNVD
added 2026/03/02 12:0 a.m. | 3 views

Chamilo code issue vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had code vulnerabilities. These vulnerabilities stemmed from improper handling of the POST parameter openidurl in the file/index.php file, which could lead to blind SRFI attacks...

9.1 CVSS | 5.9 AI score | 0.00364 EPSS
Exploits 1 | References 2
Vulnrichment
added 2026/02/17 11:35 a.m. | 3 views

CVE-2026-2247 SQL Injection in Clickedu's SaaS platform

SQL injection vulnerability SQLi in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...

8.3 CVSS | 5.9 AI score | 0.00248 EPSS
Exploits 0 | References 1
CVE
added 2026/02/17 11:35 a.m. | 8 views

CVE-2026-2247

CVE-2026-2247 describes an SQL injection in Clicldeu SaaS during report generation via the mobile app’s Day-to-day section. The vulnerability arises when a previously authenticated remote attacker uses a malicious payload in the URL generated after downloading a student’s report card, with the PD...

8.3 CVSS | 5.9 AI score | 0.00248 EPSS
Exploits 0 | References 1
NVD
added 2025/12/22 10:16 p.m. | 4 views

CVE-2023-53975

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...

9.3 CVSS | 0.00405 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2005-0069

Malware in sbrugna...

5 CVSS | 6 AI score | 0.54387 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-31705

Malicious code in bioql PyPI...

5.3 CVSS | 5.6 AI score | 0.00453 EPSS
Exploits 1 | References 2
NVD
added 2024/06/06 7:15 p.m. | 20 views

CVE-2024-3102

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

5.3 CVSS | 0.00453 EPSS
Exploits 1 | References 2
CVE
added 2024/06/06 6:19 p.m. | 80 views

CVE-2024-3102

CVE-2024-3102 affects mintplex-labs/anything-llm via a JSON Injection in the login flow, specifically the username parameter at /api/request-token. The root cause is improper handling of values, enabling brute-force attempts without prior username knowledge and, once the password is known, blind ...

5.3 CVSS | 5.5 AI score | 0.00453 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2024/06/06 6:19 p.m. | 26 views

CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

5.3 CVSS | 0.00453 EPSS
Exploits 1 | References 2
Vulnrichment
added 2024/06/06 6:19 p.m. | 16 views

CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

5.3 CVSS | 7.3 AI score | 0.00453 EPSS
Exploits 1 | References 2
Veracode
added 2023/07/22 4:54 a.m. | 13 views

Server-Side Request Forgery (SSRF)

gitlab is vulnerable to Server-Side Request Forgery SSRF. The vulnerability exists because the shared address spaces are not blocked for requests, allowing an attacker to cause blind SSRF attacks...

9.1 CVSS | 6.9 AI score | 0.0112 EPSS
Exploits 1 | References 4 | Affected Software 1
Ivan 'd0znpp' Novikov
added 2021/09/14 1:9 p.m. | 102 views

A4: XML External Entities (XXE) ❗️ — Top 10 OWASP 2017

A4: XML External Entities XXE ❗️ — Top 10 OWASP 2017 Introduction XML presents a useful resource for sending data from service to service and for data processing internally but with anything, as soon as user input gets involved, things get dangerous. The processing of these files comes with an...

7.5 CVSS | 8.7 AI score | 0.13849 EPSS
Exploits 4
securityvulns
added 2010/06/15 12:0 a.m. | 1128 views

IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell

Security Advisory IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell Advisory Information -------------------- Published: 2010-06-08 Updated: 2010-06-08 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 Vulnerability Details...

0.9 AI score
Exploits 0
securityvulns
added 2005/07/23 12:0 a.m. | 36 views

[Full-disclosure] ICMP attacks against TCP: Conclusions

Folks, My posts to this list have tried to show how easy it is to perform ICMP attacks against TCP. The attacks are blind, so the attacker does not need to be a "man in the middle" to perform them. The typical number of packets required to perform any of these attacks is about 16000 in many cases...

6.8 AI score
Exploits 0
Cvelist
added 2005/01/19 5:0 a.m. | 32 views

CVE-2005-0066

The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged aka "TCP acknowledgement number checking", which makes it easier for...

6.3 AI score | 0.10742 EPSS
Exploits 0 | References 2
CVE
added 2005/01/19 5:0 a.m. | 62 views

CVE-2005-0066

Technical details for CVE-2005-0066 are not provided in the connected documents. Public specifics (affected products/versions, exploitation, or fixes) are not present; monitor for updates.

5 CVSS | 7.6 AI score | 0.10742 EPSS
Exploits 0 | References 2 | Affected Software 1