12 matches found

GithubExploit
added 2025/07/16 11:38 a.m., 84 views

Exploit for CVE-2025-52688

CVE-2025-52688 Affected Products Alcatel AP13161 - Enterpri...

9.8 CVSS, 8.6 AI score, 0.00826 EPSS
Exploits: 1

RedhatCVE
added 2025/02/04 11:6 p.m., 5 views

CVE-2024-0405

The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', a...

7.2 CVSS, 7.1 AI score, 0.00174 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2024/11/11 12:0 a.m., 1 views

PT-2024-9447 · Iperf +7

Name of the Vulnerable Software and Affected Versions: iperf version 3.17.1 Description: The issue is related to incorrect handling of test parameters sent to the server in json format. Exploitation of this issue may allow a remote attacker to cause a denial of service. A segmentation violation w...

7.8 CVSS, 5.8 AI score, 0.01116 EPSS
Exploits: 1, References: 62

Metasploit
added 2024/01/24 7:49 p.m., 500 views

GL.iNet Unauthenticated Remote Command Execution via the logread module.

A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This exploit requires post-authentication using the Admin-Token...

9.8 CVSS, 9.2 AI score, 0.5226 EPSS
Exploits: 5

Packet Storm
added 2024/01/24 12:0 a.m., 553 views

GL.iNet Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' class MetasploitModule 'GL.iNet Unauthenticated Remote Command Execution via the logread module.', 'Description' = %q A command injection...

9.8 CVSS, 7.4 AI score, 0.5226 EPSS
Exploits: 5

WPVulnDB
added 2024/01/20 12:0 a.m., 13 views

Burst Statistics Really Simple Plugins < 1.5.4 - Editor+ SQL Injection

Description The plugin is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', and 'referrer'. This vulnerability arises due to insufficient...

7.2 CVSS, 7.7 AI score, 0.00174 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2024/01/17 5:15 a.m., 9 views

CVE-2024-0405

The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', a...

7.2 CVSS, 7.1 AI score, 0.00174 EPSS
Exploits: 0, References: 4

Prion
added 2024/01/17 5:15 a.m., 15 views

Sql injection

The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', a...

4 CVSS, 7.7 AI score, 0.00174 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2024/01/17 4:32 a.m., 14 views

CVE-2024-0405 Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection

The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', a...

7.2 CVSS, 7.4 AI score, 0.00174 EPSS
Exploits: 0, References: 4

CVE
added 2024/01/17 4:32 a.m., 89 views

CVE-2024-0405

The CVE-2024-0405 entry concerns Burst Statistics – Privacy-Friendly Analytics for WordPress (plugin), version 1.5.3, vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in /wp-json/burst/v1/data/compare (parameters include browser, device, page_id, page_url, platform, ref...

7.2 CVSS, 6.9 AI score, 0.00174 EPSS
Exploits: 0, References: 4, Affected Software: 1

Packet Storm
added 2016/02/26 12:0 a.m., 45 views

Infor CRM 8.2.0.1136 Cross Site Scripting

Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities Vendor: Infor Product web page: http://www.infor.com Affected version: 8.2.0.1136 Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer relationship management CRM solution that provides a complete view of...

Exploits: 0

GitLab Advisory Database
added 2013/01/13 12:0 a.m., 55 views

Unsafe Query Generation Risk in Ruby on Rails

Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does not let an attacker insert arbitrary values into an SQL query,...

6.4 CVSS, 2.5 AI score, 0.18174 EPSS
Exploits: 2, References: 1, Affected Software: 1