1447 matches found
Code-Projects Simple Ticket Booking SQL Injection Vulnerability
Code-Projects Simple Ticket Booking is an open-source simple ticket booking system from Code-Projects. Code-Projects Simple Ticket Booking version 1.0 has a SQL injection vulnerability that originates from the name/email/dob/password/Gender/phone parameters in the Registration Handler component of...
PT-2024-40834 · Jflex · Jflex
Name of the Vulnerable Software and Affected Versions: jflex affected versions not specified Description: A security exception crash has been reported. The crash occurs in the jflex.core.NFA.insertNFA function, which is called by java.base/java.lang.ClassLoader.defineClass1 and...
Amazon Linux 2023 : mariadb105, mariadb105-backup, mariadb105-common (ALAS2023-2024-698)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-698 advisory. MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under...
DEBIAN-CVE-2024-42077
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits. The code in ocfs2_dio_end_io_write estimates number of necessary transaction credits using ocfs2_calc_extend_credits. This however does not take into account that the IO cou...
UBUNTU-CVE-2024-42077
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits. The code in ocfs2_dio_end_io_write estimates number of necessary transaction credits using ocfs2_calc_extend_credits. This however does not take into account that the IO cou...
PT-2024-40821 · Jflex · Jflex
Name of the Vulnerable Software and Affected Versions: jflex affected versions not specified Description: A security exception crash has been reported. The crash occurs in the jflex.core.NFA.insertNFA function, which is called by java.base/java.lang.ClassLoader.defineClass1 and...
CVE-2024-6808
A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2024-6803
A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert.php. The manipulation of the argument anothercont leads to sql injection. The attack can be launched remotely. Th...
WordPress Insert or Embed Articulate Content into WordPress plugin < 4.3000000024 - Author+ Arbitrary File Upload vulnerability
Author+ Arbitrary File Upload vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Insert or Embed Articulate Content into WordPress versions 4.3000000024...
PT-2024-28616 · Hibernate · Hibernate
Name of the Vulnerable Software and Affected Versions: NHibernate versions prior to 5.4.9 NHibernate versions prior to 5.5.2 Description: A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. This vulnerability affects callers of these methods, including...
SQL Injection
Overview NHibernate is a mature, open source object-relational mapper for the .NET framework. It is actively developed, fully featured and used in thousands of successful projects. Affected versions of this package are vulnerable to SQL Injection when passing unescaped user input to...
WordPress Gallery 2.3.6 Cross Site Scripting Vulnerability
Exploit Title: Wordpress Gallery Version 2.3.6 Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://total-soft.com/wp-video-gallery/ Version 2.3.6 Steps to Execute the Payload: 1. Access the Admin Panel: - Navigate to the admin panel of your WordPress site. - Go to TS...
WordPress plugin Cost Calculator Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
MAL-2024-6756 Malicious code in batch-insert (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in batch-insert (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-3105
The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized...
PT-2024-23740 · Unknown +1 · Adsense Ads +1
Name of the Vulnerable Software and Affected Versions: Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress versions up to, and including, 2.5.0 Description: The issue allows for Remote Code Execution via the insert_php shortcode due to the lack of restrictions on its...
CVE-2024-36599
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php...
Woody code snippets – Insert Header Footer Code, AdSense Ads < 2.5.1 - Authenticated (Contributor+) Remote Code Execution
Description The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high leve...
PT-2024-27810 · Nextcloud · Nextcloud Desktop Client
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.12.0 Description: A code injection issue in the Nextcloud Desktop Client for macOS allows arbitrary code to be loaded when the client is started with the DYLD_INSERT_LIBRARIES environment variable...