CVE-2019-25439 NoviSmart CMS SQL Injection via Referer HTTP Header
NoviSmart CMS contains an SQL injection vulnerability that lets remote attackers execute arbitrary SQL queries by injecting SQL through the Referer HTTP header. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
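The entry above describes the classic shape of this bug class: a header the server never treats as untrusted (here Referer) is pasted into an SQL string. The following is an added illustration, not code from NoviSmart CMS or from the advisory; the `referrers` and `users` tables, the stored hash and the Referer values are constructed for the example. SQLite has no SLEEP(), so the data leak is shown with a UNION payload, and the time-based probe the advisory mentions is covered by the detector at the bottom.

```python
"""SQL injection through the Referer header: vulnerable vs. parameterized lookup.

Added illustration, not code from NoviSmart CMS or the advisory. The schema,
the hash value and the Referer strings are constructed for this example.
"""
import re
import sqlite3

# Constructed sample data (hypothetical schema).
SCHEMA = """
CREATE TABLE referrers (url TEXT, name TEXT);
INSERT INTO referrers VALUES ('https://example.org/', 'example');
CREATE TABLE users (login TEXT, password TEXT);
INSERT INTO users VALUES ('admin', '$2y$10$constructedhashvalue');
"""

# Attacker-controlled header values (constructed).
INJECTED_REFERER = "' UNION SELECT password FROM users --"
TIME_BASED_REFERER = "http://a.tld/' AND SLEEP(5) -- "
BENIGN_REFERER = "https://example.org/"


def new_db():
    """Fresh in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_referrer_vulnerable(conn, referer):
    """Mimics the bug class: header text is interpolated into the SQL string,
    so a quote in Referer closes the literal and the remainder is parsed as SQL."""
    sql = "SELECT name FROM referrers WHERE url = '%s'" % referer
    return [row[0] for row in conn.execute(sql)]


def lookup_referrer_safe(conn, referer):
    """Parameterized query: the header is bound as data and cannot change the
    statement structure, whatever characters it contains."""
    sql = "SELECT name FROM referrers WHERE url = ?"
    return [row[0] for row in conn.execute(sql, (referer,))]


# Delay functions typical of time-based probes (MySQL, MSSQL, PostgreSQL).
_TIME_BASED = re.compile(
    r"(sleep\s*\(|benchmark\s*\(|waitfor\s+delay|pg_sleep\s*\()", re.IGNORECASE
)


def suspicious_referer(value):
    """Cheap WAF/log check for the payload shape the advisory describes:
    a quote or SQL comment token combined with a delay function."""
    has_delay = bool(_TIME_BASED.search(value))
    has_breakout = bool(re.search(r"['\"]|--|/\*", value))
    return has_delay and has_breakout


if __name__ == "__main__":
    db = new_db()
    print(lookup_referrer_vulnerable(db, INJECTED_REFERER))  # leaks the stored hash
    print(lookup_referrer_safe(db, INJECTED_REFERER))        # []
    print(suspicious_referer(TIME_BASED_REFERER))            # True
```

The vulnerable lookup returns the admin's password hash for the UNION payload while the parameterized version returns nothing, because the bound value is compared as a whole string. The detector only flags time-based probes; a UNION payload without a delay function passes it, which is why parameterization, not filtering, is the fix.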
Towards Privacy-Preserving and Personalized Smart Homes Via Tailored Small Language Models
Large Language Models (LLMs) have showcased remarkable generalizability in language comprehension and hold significant potential to revolutionize human-computer interaction in smart homes. Existing LLM-based smart home assistants typically transmit user commands, along with user profiles and home...
A vulnerability in software for managing and monitoring remote devices in telemetry and telemechanics systems, caused by the absence of measures protecting the SQL query structure, allows an attacker to execute arbitrary SQL queries.
The vulnerability in software for managing and monitoring remote devices in telemetry and telemechanics systems stems from the absence of measures protecting the SQL query structure. Exploiting it allows a malicious actor to execute arbitrary SQL queries remotely...
PT-2025-37376
Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.30 Description: The Chamilo learning management system has an OS command injection issue, caused by a failure to neutralize special elements used in an operating system command. Successful exploitation...
VulnCheck KEV: CVE-2019-4061
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869...
A vulnerability in the “links” function of the Cacti network monitoring software allows an attacker to execute arbitrary SQL queries.
The vulnerability in the “links” function of the Cacti network monitoring software stems from insufficient validation of XML object sequences. Exploiting it allows a malicious actor to execute arbitrary SQL queries remotely...
A vulnerability in the audit log management mechanism of the Secure Access Management System for IEDs, Siemens RUGGEDCOM CROSSBOW, allows an attacker to execute arbitrary SQL queries.
The vulnerability in the audit log management mechanism of the Secure Access Management System for IEDs, Siemens RUGGEDCOM CROSSBOW, stems from the failure to implement measures protecting the SQL query structure. Exploiting it allows a malicious actor to execute arbitrary SQL...
SUSE CVE-2007-2925
The default access control lists (ACLs) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache...
SUSE CVE-2013-7423
The send_dg function in resolv/res_send.c in the GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function...
A vulnerability in the GLPI system’s handling of requests and incidents, caused by the absence of measures protecting the SQL query structure, allows attackers to execute arbitrary SQL queries.
The vulnerability in the GLPI system’s handling of requests and incidents stems from the absence of measures protecting the SQL query structure. Exploiting it allows a malicious actor to execute arbitrary SQL queries remotely...
A vulnerability in the Moodle virtual learning environment, caused by insufficient sanitization of user-supplied data in XML-RPC calls, allows attackers to execute arbitrary SQL queries.
The vulnerability in the Moodle virtual learning environment stems from insufficient sanitization of user-supplied data in XML-RPC calls. Exploiting it allows a malicious actor to execute arbitrary SQL queries remotely...
A vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows an attacker to execute arbitrary SQL queries.
The vulnerability in the web management interface of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) stems from input validation errors. Exploiting it could allow a malicious actor to execute arbitrary SQL queries remotely...
PT-2019-16872 · Ibm · Ibm Bigfix Platform
Name of the Vulnerable Software and Affected Versions: IBM BigFix Platform versions 9.2 through 9.5 Description: The issue allows an attacker to remotely query the relay and gather information about updates and fixlets deployed to associated sites due to the lack of authenticated access...
MyBB 1.8.1 Cross Site Scripting / SQL Injection
Title: MyBB 1.8.X - Multiple Vulnerabilities Date: 13.11.2014 Tested on: Linux / Apache 2.2 / PHP 5 localhost Vendor: mybb.com Version: = 1.8.1 - Latest ATM Contact: [email protected] Author: Smash The latest MyBB forum software suffers from multiple vulnerabilities, including SQL Injection and Cross...
DEBIAN-CVE-2007-2925
The default access control lists (ACLs) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache...
CVE-2006-4562
The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on th...
PT-2006-5355 · Symantec · Symantec Gateway Security
Name of the Vulnerable Software and Affected Versions: Symantec Gateway Security (SGS), affected versions not specified Description: The issue allows remote attackers to make arbitrary DNS queries to third-party DNS servers while hiding the attacker's source IP address. It is related to the pro...