12 matches found

RedhatCVE
added 2026/04/07 11:1 p.m. · 1 views

CVE-2026-35184

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

9.8 CVSS · 5.9 AI score · 0.00035 EPSS
Exploits 1 · References 1
CNNVD
added 2026/04/06 12:0 a.m. · 6 views

EcclesiaCRM SQL Injection Vulnerability

EcclesiaCRM is a customer relationship management software for church management, developed by the French individual phili67. Versions of EcclesiaCRM prior to 8.0.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the custom and value parameters in the...

9.8 CVSS · 5.9 AI score · 0.00035 EPSS
Exploits 1 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-0188

Malware in sbrugna...

6.8 CVSS · 6.4 AI score · 0.04188 EPSS
Exploits 0 · References 15
Github Security Blog
added 2024/01/18 3:44 p.m. · 16 views

Uncaught Exception in surrealdb

Although custom parameters and functions are only supported at the database level, it was allowed to invoke those entities at the root or namespace level. This would cause a panic which would crash the SurrealDB server, leading to denial of service. Impact A client that is authorized to run queri...

7.2 AI score
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/01/18 12:0 a.m. · 1 views

PT-2024-40347 · Surrealdb · Surrealdb

Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 1.1.1 Description: The issue allows authorized clients to invoke custom parameters and functions at the root or namespace level, causing a panic that crashes the SurrealDB server, leading to denial of service. This...

6.5 CVSS · 7.1 AI score
Exploits 0 · References 4
Filippo.io
added 2023/10/24 2:56 p.m. · 26 views

Why We Don’t Generate Elliptic Curves Every Day

With all the talk recently of how the NIST curve parameters were selected, a reasonable observer could wonder why we all use the same curves instead of generating them along with keys, like we do for Diffie-Hellman parameters. You might have memories of waiting around for openssl dhparam to run a...

7.3 AI score
Exploits 0
Spring Engineering
added 2023/08/22 12:0 a.m. · 10 views

Tackling the OAuth2 Client component model in Spring Security

In Spring Security 5, we saw many developments in the OAuth2 story with the introduction of OAuth2 Resource Server and OAuth2 Client into the framework. Today, it is quite convenient to develop applications that are secured by OAuth2 using the features available in OAuth2 Resource Server...

6.9 AI score
Exploits 0
CNVD
added 2022/12/14 12:0 a.m. · 31 views

Siemens SIMATIC WinCC OA Ultralight Client Parameter Injection Vulnerability

SIMATIC WinCC Open Architecture OA is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptability, large or complex applications, and projects that require specific system requirements or functionality. A parameter injection...

5.4 CVSS · 5.5 AI score · 0.00193 EPSS
Exploits 0 · References 1
0day.today
added 2020/02/18 12:0 a.m. · 88 views

Wordpress Strong Testimonials 2.40.1 Plugin - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Strong Testimonials 2.40.0 - Persistent Cross-Site Scripting Vendor Homepage: https://strongtestimonials.com Vendor Changelog: https://github.com/MachoThemes/strong-testimonials/blob/master/changelog.txt Exploit...

6.6 AI score · 0.00564 EPSS
Exploits 5
Veracode
added 2019/03/22 5:0 a.m. · 11 views

Open Redirect

doorkeeper-openidconnect is vulnerable to open redirect. The attack exists because it does not filter redirect_uri in OAuth authorization request when handling custom parameters, causing an error response with the openid scope and a prompt=none value...

6.1 CVSS · 6.1 AI score · 0.00358 EPSS
Exploits 0 · References 3 · Affected Software 1
The Hacker News
added 2013/02/21 6:25 a.m. · 13 views

Facebook OAuth flaw allows gaining full control over any Facebook account

Facebook OAuth is used to communicate between Applications & Facebook users, to grant additional permissions to your favorite apps. To make this possible, users have to 'allow or accept' the application request so that app can access your account information with required permissions. As a normal...

6.6 AI score
Exploits 0
exploitpack
added 2012/03/22 12:0 a.m. · 32 views

Google Talk - gtalk: Deprecated URI Handler Injection

Google Talk - gtalk: Deprecated URI Handler Injection Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of...

7.7 AI score
Exploits 0