16 matches found
CVE-2024-51164
CVE-2024-51164 (JEPaaS 7.2.8) is a SQL injection in the endpoint “/je/login/btnLog/insertBtnLog” that could allow a remote attacker to submit a crafted query and retrieve all information stored in the database. Affected product: JEPaaS 7.2.8. The public documents consistently describe the vulnera...
CVE-2024-8465 SQL injection vulnerability in Job Portal
SQL injection vulnerability, by which an attacker could send a specially designed query through userid parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it...
CVE-2024-33965
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in...
CVE-2024-33967 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLeve...
CVE-2024-33962 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in...
CVE-2024-33960 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in...
CVE-2024-4309
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /user/transaction.php?id=1, /user/credit-debittransaction.php?id=1, /user/viewtransaction.php?id=1 and...
CVE-2024-2586
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-2586 SQL injection vulnerability in AMSS++
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
SQL injection
A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing t...
How Your Smartphone Can Be Used to Steal Your Data
By Owais Sultan. Our smartphones are home to some of the most sensitive data possible such as our passwords, photos, banking… This is a post from HackRead.com. Read the original post: How Your Smartphone Can Be Used to Steal Your Data...
Cybozu Remote Service HTTP Header Injection Vulnerability
Cybozu Remote Service is remote service management software from Cybozu Japan, used to access Cybozu's internal systems. Cybozu Remote Service is vulnerable to HTTP header injection. A remote attacker can use this vulnerability to alter information stored in the product...
Carlo Gavazzi VMU-C EM and VMU-C PV
CVSS V3 10. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Carlo Gavazzi. Equipment: VMU-C EM, VMU-C PV. Vulnerabilities: Access Control Flaws, CSRF, Sensitive Information Stored In Clear Text. AFFECTED PRODUCTS: Carlo Gavazzi reports that the vulnerabilities affect the following...
JVN#09872874 Movable Type access restriction bypass vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact: A remote attacker may view or modify information stored by Movable Type. Solution: Update the Software...
Debian DSA-1724-1 : moodle - several vulnerabilities
Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0500: It was discovered that the information stored in the log tables was not properly sanitized, which could...
CVE-2007-2035
Cisco Wireless Control System WCS before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301...