CVE-2019-25431

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...

CVE-2019-25431

CVE-2019-25431 affects delpino73’s Blue-Smiley-Organizer 1.32. The issue is an SQL injection in the datetime parameter that allows unauthenticated attackers to manipulate queries. Attacks can inject SQL through POST requests to extract sensitive data using boolean-based blind or time-based blind ...

CVE-2022-38614

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter...

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

CVE-2025-67509

CVE-2025-67509 affects the Neuron PHP framework up to version 2.8.11, where the MySQLSelectTool is vulnerable to a read-only bypass that permits file writes via SQL constructs like INTO OUTFILE/INTO DUMPFILE. Validation that relies on the first keyword (e.g., SELECT) and a forbidden-keyword list ...

EUVD-2025-202171

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

GHSA-J8G6-5GQC-MQ36 Neuron MySQLSelectTool “read-only” bypass via `SELECT ... INTO OUTFILE` (file write → potential RCE)

Impact MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying. However, validation based on the first keyword e.g., SELECT and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can...

Arbitrary Code Injection

Overview neuron-core/neuron-ai is a The PHP Agentic Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the validation based on the first keyword e.g., SELECT and a forbidden-keyword list does not block file-writing constructs such in the MySQLSelectTool. A...

Neuron MySQLSelectTool “read-only” bypass via `SELECT ... INTO OUTFILE` (file write → potential RCE)

Impact MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying. However, validation based on the first keyword e.g., SELECT and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can...

CVE-2013-10033

An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the dbrestore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...

Exploit for CVE-2024-54761

BigAnt Office Messenger 5.6.06 RCE via SQL Injection SQL injec...

SUSE CVE-2003-0150

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf...

SUSE CVE-2006-6169

Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...

CVE-2022-38614

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter...

PT-2022-24481 · Unknown · Smartvista Cardgen

Name of the Vulnerable Software and Affected Versions: SmartVista Cardgen version 3.28.0 Description: The issue affects the IGB Files and OutfileService features, allowing attackers to list and download arbitrary files by modifying the PATH parameter. Recommendations: For SmartVista Cardgen versi...

Metasploit Wrap-Up

Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...

CVE-2019-17370

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...

[slackware-security] bzip2

New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bzip2-1.0.8-i586-1slack14.2.txz: Upgraded. Fixes security issues: bzip2recover: Fix use after free issue with outFile. Mak...