30 matches found

NVD
added 2025/11/19 6:15 p.m., 4 views

CVE-2025-65020

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

CVSS 6.5, EPSS 0.00053
Exploits: 1, References: 2

OSV
added 2025/11/19 5:26 p.m., 2 views

CVE-2025-65034 Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and...

CVSS 8.1, AI score 6.6, EPSS 0.0006
Exploits: 1, References: 4

EUVD
added 2025/11/19 5:26 p.m., 4 views

EUVD-2025-198232

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...

CVSS 8.1, AI score 6.1, EPSS 0.0006
Exploits: 1, References: 2

OSV
added 2025/11/19 5:26 p.m., 3 views

CVE-2025-65033 Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...

CVSS 8.1, AI score 6.6, EPSS 0.0006
Exploits: 1, References: 4

OSV
added 2025/11/19 5:24 p.m., 4 views

CVE-2025-65020 Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

CVSS 6.5, AI score 6.6, EPSS 0.00053
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-4745

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.00498
Exploits: 1, References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-6813

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.00288
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2006-1221

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.01347
Exploits: 0, References: 13

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2005-3740

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.0029
Exploits: 1, References: 3

RedhatCVE
added 2025/05/22 4:15 a.m., 5 views

CVE-2013-1400

Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or pollid parameter in a viewPollResults or userlogs action...

CVSS 9.8, AI score 8.8, EPSS 0.00783
Exploits: 3, References: 1

Packet Storm
added 2024/10/08 12:0 a.m., 313 views

PHP-Nuke Top Module SQL Injection

Exploit Title: PHP-Nuke SQL injection Top Module + protection Bypass Google Dork: intext: Powered by PHP-Nuke Date: 2024-10-07 Exploit Author: Emiliano Febbi Vendor Homepage: https://phpnuke.org/ Software Link: https://sourceforge.net/projects/phpnuke/files/phpnuke/ Version: 6.x New concept of...

AI score 7.4
Exploits: 0

OSV
added 2020/08/26 2:15 p.m., 0 views

CVE-2020-24315

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target's database...

CVSS 7.5, AI score 7.2, EPSS 0.00775
Exploits: 1, References: 2

Positive Technologies
added 2020/08/26 12:0 a.m., 2 views

PT-2020-15680 · Vinoj Cardoza · Vinoj Cardoza Wordpress Poll Plugin

Name of the Vulnerable Software and Affected Versions: Vinoj Cardoza WordPress Poll Plugin versions prior to v37 Description: The issue allows users to execute SQL statements by crafting specific input, potentially leading to the dumping of the entire target's database. This is due to a lack of...

CVSS 7.5, AI score 7.8, EPSS 0.00775
Exploits: 1, References: 4

Prion
added 2020/02/13 9:15 p.m., 17 views

SQL injection

Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or pollid parameter in a viewPollResults or userlogs action...

CVSS 7.5, AI score 9, EPSS 0.00783
Exploits: 3, References: 3, Affected Software: 1

CNVD
added 2016/12/29 12:0 a.m., 2 views

WordPress Plugin Simply Poll SQL Injection Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it supports setting up a personal blog site on a server running PHP and MySQL. A SQL injection vulnerability exists in the pollid parameter of the Simply Poll admin-ajax.php page of the...

AI score 7.8
Exploits: 0, References: 1

seebug.org
added 2014/07/01 12:0 a.m., 22 views

NPDS 4.8/5.0 pollcomments.php thold Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/13649/info NPDS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'thold' parameter. Successful exploitation could result in a...

AI score 7.1
Exploits: 0

NVD
added 2009/07/07 7:0 p.m., 6 views

CVE-2008-6853

SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter...

CVSS 7.5, AI score 8.4, EPSS 0.00288
Exploits: 1, References: 3

Prion
added 2009/07/07 7:0 p.m., 8 views

SQL injection

SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter...

CVSS 7.5, AI score 9.1, EPSS 0.00288
Exploits: 1, References: 3, Affected Software: 1

exploitpack
added 2009/06/25 12:0 a.m., 23 views

MD-Pro 1.083.x - Survey Module pollID Blind SQL Injection

MD-Pro 1.083.x - Survey Module pollID Blind SQL Injection !Informationschema: Product: MDPro v 1.083.x site: www.maxdev.com Vuln: Blind $QL Injection pollID Author: XaDoS thanks to S3rg3770 dork: inurl:modules.php?op= "pollID" "Powered By MDPro" Vuln: PollID...

AI score 0.2
Exploits: 0

Exploit DB
added 2009/06/25 12:0 a.m., 42 views

MD-Pro 1.083.x - Survey Module 'pollID' Blind SQL Injection

!Informationschema: Product: MDPro v 1.083.x site: www.maxdev.com Vuln: Blind $QL Injection pollID Author: XaDoS thanks to S3rg3770 dork: inurl:modules.php?op= "pollID" "Powered By MDPro" Vuln: PollID http://www.site.com/MDPropath/modules.php?name=Surveys&op=results&pollID=SQL or...

AI score 7.4
Exploits: 0