40 matches found
CVE-2024-33819
Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Save Query function...
GHSA-JGX4-7V3V-VWFM Elasticsearch allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function...
CVE-2024-39018
harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
Globitel SpeechLog Analytics security vulnerability
Globitel SpeechLog Analytics is a speech analysis module from Globitel. A security vulnerability exists in Globitel SpeechLog Analytics version v8.1, which was discovered to contain a stored cross-site scripting (XSS) vulnerability in the "Save Query" function...
CVE-2024-33819
CVE-2024-33819 affects Globitel KSA SpeechLog v8.1 with a stored cross-site scripting (XSS) flaw in the Save Query function. Root cause details aren’t explicitly provided in the sources, but multiple records confirm the vulnerability and affected version. Remediation guidance found in PT-2024-254...
PT-2024-25499 · Globitel · Globitel Ksa Speechlog
Name of the Vulnerable Software and Affected Versions: Globitel KSA SpeechLog version 8.1 Description: A stored cross-site scripting (XSS) issue was found in the Save Query function. Recommendations: For version 8.1, consider disabling the Save Query function until a patch is available to prevent...
SQL injection
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records...
PT-2023-19628 · Nozomi Networks · Cmc +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: An access control issue was found due to restrictions not being enforced in the debug functionality. This allows an authenticated user with reduced visibility to obtain unauthorized...
HGiga MailSherlock operating system command injection vulnerability
HGiga MailSherlock is an enterprise email auditing system from China Henderson Technology Hgiga. HGiga MailSherlock version 4.5 suffers from an operating system command injection vulnerability, which originates from insufficient filtering of user input by the query function. An attacker could...
SQL injection
A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is...
CVE-2022-39029 Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -1
Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...
WordPress Ni WooCommerce Custom Order Status plugin SQL injection vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Ni WooCommerce Custom Order Status plugin, which stems fro...
dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query() whether the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially...
SQL Injection Vulnerability in Waychar Enrollment System VER 0.30 Article Query Function
Waychar Registration System is a free race registration system. A SQL injection vulnerability exists in the VER 0.30 article query function of the waychar registration system, which can be exploited by attackers to obtain sensitive information from the database...
uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts...
Design/Logic Flaw
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritativ...
Lxblog blog system variables cover the resulting injection+Getshell attached to the use of the exp-bug warning-the black bar safety net
Nonsense: lxblog is www.phpwind.net development of multi-blog system, now seems to have stopped updating! Statement: We only do the technical research, please do not illegally used, together with consequences with himself, independent of it! Text: Key file: /mod/ajaxmod.php if ! empty$POST $POST...