4 matches found
Improper Control of Generation of Code
Description: The Kimai plugin EasyBackupBundle allows admins to edit MySQL commands from the configuration tab; an attacker can append arbitrary commands to achieve code execution. This can also be extended to an arbitrary file read by specifying filenames such as /etc/passwd in the backup. Proof of...
April 11, 2023—KB5025229 (OS Build 17763.4252) - EXPIRED
April 11, 2023—KB5025229 OS Build 17763.4252 - EXPIRED. EXPIRATION NOTICE. IMPORTANT: As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. 11/17/20 For...
WordPress User Meta Manager Plugin 3.4.6 - Blind SQL Injection
Because of this vulnerability, arbitrary MySQL commands can be passed to the "ummuser" GET parameter by a registered user. Solution: Update the plugin...
xt:Commerce 3.04 SP2.1 - Blind SQL Injection
xt:Commerce = v3.04 SP2.1 | commerce:SEO = v2.1 CE | Gambio = v2.0.10 SP1.4 | Time Based Blind SQL Injection. Author: Ralf Zimmermann. Mail: infoATstoffline.com. Vendor Homepage:...