PIDP-Attack: Combining Prompt Injection with Database Poisoning Attacks on Retrieval-Augmented Generation Systems

Large Language Models LLMs have demonstrated remarkable performance across a wide range of applications. However, their practical deployment is often hindered by issues such as outdated knowledge and the tendency to generate hallucinations. To address these limitations, Retrieval-Augmented...

EUVD-2008-6094

Malware in sbrugna...

CVE-2025-4804 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotpot Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects...

CVE-2017-2730

HUAWEI HiLink APP for IOS versions earlier before 5.0.25.306 and HUAWEI Tech Support APP for IOS versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of...

CVE-2017-2730

CVE-2017-2730 affects Huawei HiLink (iOS) and Huawei Tech Support (iOS) apps prior to 5.0.25.306 and 5.0.0, respectively. The issue is an information-leak vulnerability where, when an iPhone running these apps connects to a Wi‑Fi hotspot set up by an attacker, the attacker can collect the phone’s...

USN-791-1: Moodle vulnerabilities

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...

CVE-2008-6124

SQL injection vulnerability in the hotpotdeleteselectedattempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt...

Sql injection

SQL injection vulnerability in the hotpotdeleteselectedattempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt...

CVE-2008-6124

SQL injection vulnerability in the hotpotdeleteselectedattempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt...

CVE-2008-6124

CVE-2008-6124 is an SQL injection vulnerability in Moodle's HotPot module, exploitable via hotpot_delete_selected_attempts in report.php. Affected Moodle versions are 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2. The vulnerability allows remote attackers to execute a...

CVE-2008-6124

SQL injection vulnerability in the hotpotdeleteselectedattempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt...