22 matches found
CodeAlpha_SQLInjectionSecurity
CodeAlphaSQLInjectionSecur...
CVE-2008-6992
GreenSQL Firewall greensql-fw, possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL...
CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpreting a bunch of...
EUVD-2008-6951
Malware in sbrugna...
EUVD-2023-32126
Malicious code in bioql PyPI...
EUVD-2024-40448
Malicious code in bioql PyPI...
CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...
GHSA-3G7P-8QHX-MC8R Shescape potential environment variable exposure on Windows with CMD
Impact This impact users of Shescape: 1. On Windows using the Windows Command Prompt i.e. cmd.exe, and 2. Using quote/quoteAll or escape/escapeAll with the interpolation option set to true. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp...
Sql injection
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds...
SUSE CVE-2009-0543
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in 1 modsqlmysql and 2 modsqlpostgres...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
Wallarm NG WAF is ranked as a “High Performer” by G2, Spring 2021!
We are proud to announce that Wallarm NG WAF was ranked as a “High performer” by G2 in the Web Application Firewall category. This award from the G2 platform confirms that our solution is highly rated by current verified Wallarm WAF users, who left unbiased reviews and answers to WAF-related...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...
SmartBlog 2.0.1 Blind SQL Injection
Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...
researchutilization.org XSS vulnerability
Open Bug Bounty ID: OBB-447267 Description| Value ---|--- Affected Website:| researchutilization.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
The Bash Vulnerability: How to Protect your Environment
A recently discovered hole in the security of the Bourne-Again Shell bash has the majority of Unix/Linux including OS X admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts...
Sql injection
GreenSQL Firewall greensql-fw, possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL...
World Association of Newspapers SQL Injection Exploit
!/usr/bin/python This was written for educational purpose only. Use it at your own risk. Author will be not responsible for any damage! !!! Special greetz for my friend sinner01 !!! !!! Special thanx for d3hydr8 and rsauron who inspired me !!! . . | / | | \ \ | / / |\ \ \ |/ // / /\ \ / |/ \ / //...
PHP-Nuke Platinum 7.6.b.5 (dynamic_titles.php) SQL Injection Exploit
No description provided by source. !/usr/bin/perl Inphex use LWP::UserAgent; use LWP::Simple; use IO::Socket; use Switch; PHP-Nuke Platinum , ForumsStandart - magicquotesgpc = OFF , SQL Injection nukeusers Structure: userid name username useremail femail userwebsite useravatar userregdate usericq...