59 matches found
CVE-2024-24023
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list...
PT-2024-20235 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions prior to 4.3.0-RC1. Description: A SQL injection issue exists, allowing an attacker to perform SQL injection by passing crafted offset, limit, and sort parameters via the "/common/dict/list" API endpoint. Recommendations: F...
SUSE CVE-2008-4094
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
CVE-2022-40405
WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs...
SQL injection
WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs...
SQL injection
WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients...
CVE-2022-42984
WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients...
WoWonder Social Network Platform SQL Injection Vulnerability
WoWonder Social Network Platform is a PHP social networking script by WoWonder. It is used to create your own social networking website. A security vulnerability exists in WoWonder Social Network Platform version 4.1.4, which stems from an attacker being able to implement SQL injection via the...
WoWonder Social Network Platform SQL Injection Vulnerability
WoWonder Social Network Platform is a PHP social networking script by WoWonder. It is used to create your own social networking website. A security vulnerability exists in WoWonder Social Network Platform version v4.1.2, which stems from an attacker being able to implement SQL injection via the...
Potential DoS in unbounded for loop
Lines of code / Vulnerability details / Proof of Concept: The function facets in Getters.sol iterates over the DiamondStorage facets array. In Diamond.sol we can see that by calling diamondCut in a way that saveFacetIfNew gets called, the diamond owner can add an indefinite amount of entries. If this ...
SQL injection
The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading to an SQL injection when the redirection plugin i...
WordPress SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin SEO Redirection prior to version 8.2. T...
CVE-2019-11592
WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php...
NEC Aterm HC100RC Buffer Overflow Vulnerability (CNVD-2019-01316)
The NEC Aterm HC100RC is a network camera from Nippon Electric NEC. A buffer overflow vulnerability exists in the NEC Aterm HC100RC using firmware version 1.0.1 and earlier, which can be exploited by an attacker to execute arbitrary code with the help of the 'date', 'time' and 'offset' parameter...
NEC Aterm HC100RC Operating System Command Injection Vulnerability
The NEC Aterm HC100RC is a network camera from Nippon Electric NEC. An operating system command injection vulnerability exists in the NEC Aterm HC100RC using firmware version 1.0.1 and earlier, which can be exploited to execute arbitrary operating system commands with the help of the 'date',...
CVE-2018-0639
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via toolsfirmware.cgi date parameter, time parameter, and offset parameter...
CVE-2018-0640
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter...
CVE-2018-0641
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via toolssystem.cgi date parameter, time parameter, and offset parameter...