14 matches found
PT-2026-5167
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication,...
CVE-2026-1183
CVE-2026-1183 is an HTML injection vulnerability affecting multiple Botble products (TransP, Athena, Martfury, Homzen). The issue arises from improper validation of user input, specifically via the /search endpoint using the q parameter. Public sources (NVD/Red Hat/CVE records) describe the vulne...
Micro User Registration Utility injection vulnerability
Micro User Registration Utility is a telephone auto-registration tool by olel individual developers. An injection vulnerability exists in the Micro User Registration Utility that stems from improper input validation leading to the injection of specially crafted characters, which could lead to cal...
EUVD-2019-1992
Malware in sbrugna...
A vulnerability in the sub_1225C function of the mainfunction.cgi web interface of the DrayTek Vigor router software allows an attacker to execute arbitrary commands.
The vulnerability in the sub_1225C function of the mainfunction.cgi web interface of the DrayTek Vigor router software stems from a failure to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the Server: Optimizer component of the Oracle MySQL Server database management system allows attackers to cause a denial of service.
The vulnerability in the optimizer component of the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to remotely cause a denial of service (DoS)...
ClinicCases cross-site scripting vulnerability
ClinicCases is an open source case management system designed for law school clinics. A cross-site scripting vulnerability exists in ClinicCases version 7.3.3 that stems from the software's lack of effective validation and filtering of user-submitted parameters. The vulnerability allows an...
CVE-2019-1010250
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: createFlow and createFlows functions in FlowWebResource.java RESTful service. The...
CVE-2019-1010252
The Linux Foundation ONOS 2.0.0 and earlier is affected by Poor Input-validation in FlowRuleManager.java (applyFlowRules() and apply()). This can allow a network administrator or attacker to install unintended flow rules in the switch via network-management connectivity. Root cause: inadequate in...
CVE-2019-1010252
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: applyFlowRules and apply functions in FlowRuleManager.java. The attack vector is:...
A vulnerability in the command-line interface of the Cisco NX-OS network operating system allows an attacker to execute arbitrary code with root privileges.
The vulnerability in the command-line interface (CLI) of the Cisco NX-OS network operating system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code with root privileges on the Linux base operating system...
Drupal CMS version 7.12 suffers from multiple cross site request forgery vulnerabilities
No description provided by source. Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date : 02-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link : http://drupal.org/download Vendor site : http://drupal.org Version : 7.12 and lower Tested on : Debian...
remote command execution in 'tattle'
Hello, a recent bugtraq posting by CISSP C.J. Steele contains a vulnerability which will leave a box possibly open for remote command execution. There are many ways to exploit this, but I chose logging in through ftp with username like sshd rhost 9 10 11 |rm$IFS-rf$IFS/|echo'1.1.1.1' because of...