jFinal Server-Side Template Injection vulnerability
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...
CVE-2023-21508
Out-of-bounds Write vulnerability while processing BCTUICMDSENDRESOURCEDATA command in bctui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code...
Deserialization of untrusted data
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root...
Cisco Prime Infrastructure Multiple Vulnerabilities (cisco-sa-pi-epnm-eRPWAXLe)
The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.7.1, 3.8.1, 3.9.1 or 3.10.2. It is, therefore, affected by multiple vulnerabilities as referenced in the cisco-sa-pi-epnm-eRPWAXLe advisory: - An information disclosure vulnerability in the web-based management...
CVE-2023-24163
SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine...
FeehiCMS has an arbitrary file upload vulnerability
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload, that allows attackers to execute relevant PHP code...
CVE-2022-29351
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here...
CVE-2021-45940
A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the bpfobjectopen function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory...
SQL Injection in dolibarr/dolibarr
Description The searchusers parameter does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. Proof of Concept Slow query example: POST /dolibarr-14.0.5/htdocs/compta/sociales/list.php HTTP/1.1 Content-Type:...
SQL Injection in pimcore/pimcore
Description The storeId parameter does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. Proof of Concept 1. Add items to Classification Store: Key definition, Group,... 2. Injection boolean base:...
Movie Rating System 1.0 - SQL injection to Remote Code Execute (Unauthenticated) Exploit
Exploit Title: Movie Rating System 1.0 - SQLi to RCE Unauthenticated Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Tested on: Ubuntu This exploit only works correctly if...
Stack overflow
FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code...
SQL Injection in ampache/ampache
Description The application does not validate and escape the client parameter before using it in a SQL statement at getbookmark function in Repository/Model/Bookmark.php file, leading to a SQL Injection. The function named getbookmark is called by 3 functions: bookmarkcreate, bookmarkedit an...
Sql injection
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...
Google Android Elevation of Privilege Vulnerability (CNVD-2021-80276)
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handset Alliance (OHA). An elevation of privilege vulnerability exists in the Framework component of Google Android. An attacker could exploit this vulnerability to execute arbitrary code in the context of a...
SQL Injection in ampache/ampache
Description The application does not validate and escape the type parameter before using it in a SQL statement in Model/Tag.php, leading to a SQL Injection Proof of Concept Time delay: GET /browse.php?action=tag&type=0%27orifnow=sysdate,sleep3,0or%27 HTTP/1.1 Host: demo.ampache.dev sec-ch-ua:...
CVE-2021-31649
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using Redis; such applications may be vulnerable to remote code execution...
SQL Injection in s-cart/core
✍️ Description Searching keyword in /scadmin/currency is vulnerable to SQL injection. This will allow a user to run arbitrary SQL queries and completely delete, edit, export or change all information in the database - potentially rendering the entire platform unusable. 🕵️♂️ Proof of Concept Login...
Tenda G1 and G3 Buffer Overflow Vulnerability (CNVD-2022-10753)
Tenda G1 and G3 is a router from Tenda, China. Tenda G1 and G3 is vulnerable to a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code via a crafted action portMappingIndex request...