CVE-2020-37163 QuickDate 1.3.2 - SQL Injection
QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'located' parameter in the findmatches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name...
CVE-2020-37108 PhpIX 2012 Professional - 'id' SQL Injection
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...
CVE-2020-36947 LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve...
PT-2026-4926
Name of the Vulnerable Software and Affected Versions: LibreNMS version 1.46. Description: LibreNMS version 1.46 contains an authenticated SQL injection issue in the MAC accounting graph endpoint. This allows remote attackers to extract database information by manipulating the sort parameter with...
PT-2026-4980
Name of the Vulnerable Software and Affected Versions: Performance Evaluation EDD application, affected versions not specified. Description: An out-of-band SQL injection (OOB SQLi) issue exists in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación...
EUVD-2024-26862
Malicious code in bioql PyPI...
EUVD-2025-15834
Malicious code in bioql PyPI...
EUVD-2024-26863
Malicious code in bioql PyPI...
EUVD-2024-26864
Malicious code in bioql PyPI...
SOPlanning Security Vulnerability
SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning versions prior to 1.45, which stems from vulnerability to SQL injection attacks that allow a remote user to send a specially crafted query and extract all information...
CVE-2024-2724
SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query...
CVE-2024-29871
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the da...
CVE-2024-29874
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sortname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it...
CVE-2024-29870
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'businessid' parameter. The exploitation of this vulnerability could allow a remote user to send a speciall...
European Spyware Vendor Offering Android and iOS Device Exploits
By Deeba Ahmed. The proposal documents were leaked on a Russian hacking forum, showing Intellexa is offering remote data extraction from Android and iOS devices in exchange for $8 million. This is a post from HackRead.com. Read the original post: European Spyware Vendor Offering Android and iOS Devi...
Prestashop SQL Injection Vulnerability
Prestashop is an open source e-commerce solution from the US company Prestashop. The solution provides a variety of payment methods, SMS alerts, product image scaling and other features. Versions of Prestashop before 1.7.8 contain a SQL injection vulnerability; the vulnerability stems...
Bosch IP cameras Access Control Error Vulnerability
Bosch IP cameras are network cameras from the German company Bosch. A security vulnerability in Bosch IP cameras, which stems from a lack of authentication in a critical function of the cameras, allows an unauthenticated remote attacker to extract sensitive information or change camera settings by sending a crafte...
CVE-2018-16957
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network...
baijiacms SQL Injection Vulnerability
baijiacms is a content management system (CMS) for e-commerce. A SQL injection vulnerability exists in version 4 of baijiacms, which can be exploited by a remote attacker to obtain data from the database using the 'order' parameter in the index.php?act=index request...
PowerShell Incident Response: Psrecon
Psrecon is an open source script that gathers data from a remote Windows host using PowerShell v2 or later, organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushe...