CVE-2025-1135

A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

EUVD-2023-33279

Malicious code in bioql PyPI...

CVE-2025-7037

SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database...

CVE-2024-29201 JumpServer's insecure Ansible playbook validation leads to RCE in Celery

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has databas...

b2evolution 6.11.6 - 'plugin name' Stored XSS

Exploit Title: b2evolution 6.11.6 - 'plugin name' Stored XSS Date: 09/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version of Chrome,...

Authorization Bypass

samba is vulnerable to authorization bypass attacks. The vulnerabiltiy exists as the 1 CreateAccount, 2 OpenAccount, 3 AddAccountRights, and 4 RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict...

Mandriva Linux Security Advisory : samba (MDVSA-2012:067)

A vulnerability has been found and corrected in samba : Security checks were incorrectly applied to the Local Security Authority LSA remote proceedure calls RPC CreateAccount, OpenAccount, AddAccountRights and RemoveAccountRights allowing any authenticated user to modify the privileges database...

samba: Incorrect permission checks when granting/removing privileges

The 1 CreateAccount, 2 OpenAccount, 3 AddAccountRights, and 4 RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obta...

Important: Red Hat Security Advisory: samba and samba3x security update

Updated samba3x and samba packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

Design/Logic Flaw

The 1 CreateAccount, 2 OpenAccount, 3 AddAccountRights, and 4 RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obta...

[SA14124] Mambo Global Variables Security Bypass Vulnerability

TITLE: Mambo Global Variables Security Bypass Vulnerability SECUNIA ADVISORY ID: SA14124 VERIFY ADVISORY: http://secunia.com/advisories/14124/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Mambo 4.x http://secunia.com/product/872/ DESCRIPTION: A vulnerability...