Lucene search

17 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-17095

Malware in sbrugna...

CVSS 4.3 · AI score 4.7 · EPSS 0.00873
Exploits 1 · References 10
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-27839

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.9 · EPSS 0.00732
Exploits 1 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-33458

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 5.1 · EPSS 0.00159
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-38993

Malicious code in bioql PyPI...

CVSS 9.9 · AI score 9.2 · EPSS 0.00208
Exploits 0 · References 1
Prion
added 2023/10/04 4:15 p.m. · 13 views

Sql injection

TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database...

CVSS 7.5 · AI score 9.6 · EPSS 0.00208
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/10/04 3:4 p.m. · 18 views

CVE-2022-36276 SQL injection vulnerability in TCMAN GIM

TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database...

CVSS 9.9 · AI score 9.9 · EPSS 0.00208
Exploits 0 · References 1
Vulnrichment
added 2023/10/04 3:4 p.m. · 12 views

CVE-2022-36276 SQL injection vulnerability in TCMAN GIM

TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database...

CVSS 9.9 · AI score 7.8 · EPSS 0.00208
Exploits 0 · References 1
Positive Technologies
added 2023/10/04 12:0 a.m. · 1 views

PT-2023-13468 · Tcman Gim · Tcman Gim

Name of the Vulnerable Software and Affected Versions: TCMAN GIM version 8.0.1 Description: The issue is related to a SQL injection vulnerability via the SqlWhere parameter inside the BuscarESM function. This could allow a remote attacker to directly interact with the database. Recommendations: F...

CVSS 9.9 · AI score 9.5 · EPSS 0.00208
Exploits 0 · References 4
NVD
added 2023/04/23 9:15 p.m. · 7 views

CVE-2023-23753

The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it...

CVSS 9.8 · AI score 9.8 · EPSS 0.00732
Exploits 1 · References 2
Prion
added 2023/04/23 9:15 p.m. · 14 views

Sql injection

The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it...

CVSS 7.5 · AI score 9.7 · EPSS 0.00732
Exploits 1 · References 2 · Affected Software 1
Hacker One
added 2018/11/20 4:48 a.m. · 16 views

HackerOne: Corrupted Authorization header can cause logs not to be ingested properly in ████████

HackerOne ingests different logs in ██████, one of them being nginx access logs from our load balancers. The default log format of our load balancer configuration is shown below. As can be seen in the format, the HTTP user specified in the Authorization header $remote_user is placed between the...

AI score 7
Exploits 0
FireEye
added 2018/09/19 10:0 a.m. · 981 views

Click It Up: Targeting Local Government Payment Portals

FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associat...

CVSS 7.5 · EPSS 0.94439
Exploits 56
n0where
added 2018/01/09 5:6 a.m. · 157 views

Web Reconnaissance Framework: Recon-ng

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can...

AI score 7.7
Exploits 0 · References 6
seebug.org
added 2014/07/01 12:0 a.m. · 17 views

Claroline 1.5/1.6 userInfo.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry...

AI score 7.1
Exploits 0
myhack58
added 2013/11/02 12:0 a.m. · 19 views

GV32-CMS Code of audit records-vulnerability warning-the black bar safety net

Now the cms most is mvc architecture i.e. model+view+controller the. Receiving and processing the parameters in the c layer, with database interaction is in the m layer, the page showed in the v layer. Structured can be better for auditing. Here I mainly find that sql injection vulnerabilities...

AI score 0.6
Exploits 0
exploitpack
added 2005/04/27 12:0 a.m. · 9 views

Claroline E-Learning 1.51.6 - exercises_details.php?exo_id SQL Injection

Claroline E-Learning 1.51.6 - exercises_details.php?exo_id SQL Injection source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize...

AI score 0.6
Exploits 0
exploitpack
added 2005/04/27 12:0 a.m. · 10 views

Claroline E-Learning 1.51.6 - userInfo.php Multiple SQL Injections

Claroline E-Learning 1.51.6 - userInfo.php Multiple SQL Injections source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied...

AI score 0.6
Exploits 0