CVE-2026-30778

CVE-2026-30778 affects Apache SkyWalking OAP where the /debugging/config/dump endpoint may leak sensitive configuration data (including MySQL/PostgreSQL-related details) in versions 9.7.0 through 10.3.0. The exposure is tied to the configuration dump functionality, potentially revealing credentia...

EUVD-2017-2808

Malware in sbrugna...

EUVD-2021-11440

Malware in sbrugna...

CVE-2021-24528

The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting XSS vulnerability. Only...

CVE-2025-32852

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fro...

CVE-2025-30032

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UnlockDatabaseSettings, which can be exploited by an attacker to bypas...

Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection

Title = Carbon Forum 5.9.0 - Multiple Exploits - Author = bRpsd [email protected] - Date Release = 22 June, 2024 - Vendor = Carbon Forum https://www.94cb.com/ Download = https://github.com/lincanbin/Carbon-Forum Vulnerable Versions = 5.9.0 = Tested Version = 5.9.0 on xampp Server. Vulnerability 1 :...

CVE-2023-35866

In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...

Directory traversal

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...

CVE-2021-24528 FluentSMTP < 2.0.1 - Authenticated Stored XSS

The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting XSS vulnerability. Only...

PostgreSQL: Database settings for Compliance Tests

Allows to set various PostgreSQL database settings used for compliance tests. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Sql injection

In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...

CVE-2017-11174

In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...

Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================== Advanced Electron Forum v1.0.9 AEF Exploit patched current...

Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery

Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ====================================...

Advanced Electron Forum 1.0.9 Cross Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================== Advanced Electron Forum v1.0.9 AEF Exploit patched current...

Subrion 3.x.x File Download / Arbitrary Access

Title = Subrion 3.X.X - Multiple Exploits - Author = bRpsd skype: vegnox - Date Release = 23 October, 2015 - Vendor = Subrion Homepage = http://www.subrion.org/ Download = http://tools.subrion.org/get/latest.zip Vulnerable Versions = 3.X.X Tested Version = Latest, 3.3.5 on a Wamp Server. x Google...

Subrion 3.X.X - Multiple Vulnerabilities

Exploit for php platform in category web applications - Title = Subrion 3.X.X - Multiple Exploits - Author = bRpsd skype: vegnox - Date Release = 23 October, 2015 - Vendor = Subrion Homepage = http://www.subrion.org/ Download = http://tools.subrion.org/get/latest.zip Vulnerable Versions = 3.X.X...

Subrion 3.x - Multiple Vulnerabilities

Title = Subrion 3.X.X - Multiple Exploits - Author = bRpsd skype: vegnox - Date Release = 23 October, 2015 - Vendor = Subrion Homepage = http://www.subrion.org/ Download = http://tools.subrion.org/get/latest.zip Vulnerable Versions = 3.X.X Tested Version = Latest, 3.3.5 on a Wamp Server. x Google...