3 matches found
PT-2026-5163
Name of the Vulnerable Software and Affected Versions SmartBlog version 2.0.1 Description The software contains a blind SQL injection issue in the id post parameter of the details controller. This allows attackers to extract database information by injecting crafted SQL queries that compare...
Wisconsin Governor Hacks the Veto Process
In my latest book, A Hackers Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording:...
CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection
Travel support program is a rails app to support the travel support program of openSUSE TSP. Sensitive user data bank account details, password Hash can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...