pyload - Log Injection

A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. id: CVE-2024-21645 info: name: pyload - Log Injection author: isacaya severity: medium description: | A log injection...

Symfony Profiler - Remote Access via Injected Arguments

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...

EUVD-2020-28614

Malware in sbrugna...

EUVD-2018-0812

Malware in sbrugna...

CVE-2020-7475

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...

CVE-2020-7489

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software versions in security notification. The result of this vulnerability, DLL substitution, coul...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus (CVE-2024-21534) and cookie (CVE-2024-47764)

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus CVE-2024-21534 and cookie CVE-2024-47764. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package...

CVE-2024-33510

An improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability CWE-74 in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below;...

CVE-2024-35680 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.9.2...

osCommerce 4 Cross Site Scripting

Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: skalvin Date: 22/04/2024 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/furniture/ Tested on: Windows 11 Pro Impact: Manipulate the...

Daily Expense Manager 1.0 - &#039;term&#039; SQLi

Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi Date: February 25th, 2024 Exploit Author: Stefan Hesselman Vendor Homepage: https://code-projects.org/daily-expense-manager-in-php-with-source-code/ Software Link:...

Smart School 6.4.1 - SQL Injection Vulnerability

Exploit Title: Smart School 6.4.1 - SQL Injection Exploit Author: CraCkEr Vendor: QDocs - qdocs.net Vendor Homepage: https://smart-school.in/ Software Link: https://demo.smart-school.in/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-5495 CWE: CWE-89 - CWE-74 - CWE-707 Greetings...

Smart School 6.4.1 - SQL Injection

Exploit Title: Smart School 6.4.1 - SQL Injection Exploit Author: CraCkEr Date: 28/09/2023 Vendor: QDocs - qdocs.net Vendor Homepage: https://smart-school.in/ Software Link: https://demo.smart-school.in/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-5495 CWE: CWE-89 - CWE-74 -...

CVE-2024-21838

Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

Code injection

Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

CVE-2024-21838

Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

CVE-2024-21838

CVE-2024-21838: Improper neutralization of special elements (CWE-74) in Gallagher Command Centre’s email generation feature could allow HTML code injection in emitted emails. Affected: Gallagher Command Centre versions 9.00 before vEL9.00.1774 (MR2), 8.90 before vEL8.90.1751 (MR3), 8.80 before vE...

taskhub 2.8.7 - SQL Injection

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Date: 05/09/2023 Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth...

Academy LMS 6.2 - Reflected XSS

Exploit Title: Academy LMS 6.2 - Reflected XSS Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4973 CWE...