13 matches found
EUVD-2018-17647
Malware in sbrugna...
EUVD-2022-51293
Malicious code in bioql PyPI...
CVE-2025-26647
creationtimestamp| type| source
---|---|---
2025-04-08 16:14:25+00:00| seen| https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review
2025-04-08 19:48:32+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114304071183126579
2025-04-08 20:07:45+00:00| seen|...
CVE-2022-48597
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2024-9131
creationtimestamp| type| source
---|---|---
2025-01-10 21:31:40+00:00| seen| https://infosec.exchange/users/cve/statuses/113806193460936773
2025-01-10 22:16:10+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfg7slg6rh2x
2025-01-10 22:43:26+00:00| seen|...
ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66422)
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
CVE-2022-48597
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48597
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
PT-2023-15869 · Sciencelogic · Sciencelogic Sl1
Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 affected versions not specified Description: A SQL injection issue exists in the "ticket event report" feature, where unsanitized user-controlled input is passed directly to a SQL query, allowing the injection of arbitrary SQ...
ScienceLogic SL1 SQL Injection Vulnerability
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
Mail.ru: Blind XSS Stored and CORS misconfiguration in the "Events" report of the top.mail.ru service
Details: Before starting, I would like to note that the XSS rules say "including privilege escalations within the product are accepted without bounty"; however, the victim's Cookies obtained this way are not tied to the product domain top.mail.ru. Here is an example, Cookies: ██████████ Domain, site,...
Update Rollup 13 for System Center 2012 R2 Operations Manager
Update Rollup 13 for System Center 2012 R2 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 13 for Microsoft System Center 2012 R2 Operations Manager. This article also contains the installation instructions for this update. Issues that are fixed...
Buffer overflow
Improper data length check while processing an event report indication can lead to a buffer overflow in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660...