10 matches found
EUVD-2023-2939
Malicious code in bioql PyPI...
CVE-2024-8749
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isysapimodelcmdbobjectsbyrelation.class.php and retrieve all the information stored in the...
CVE-2024-8466
CVE-2024-8466 describes a SQL injection in PHPGurukul Job Portal (version 1.0) where the CATEGORY parameter in /jobportal/admin/category/controller.php is processed unsafely, enabling an attacker to craft queries to retrieve information stored in the system. The connected documents confirm affect...
CVE-2024-33960
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in...
CVE-2024-33971
CVE-2024-33971 describes an SQL injection vulnerability in the PayPal, Credit Card and Debit Card Payment software (version 1.0, janobe products) where an attacker can exploit the username parameter passed to the /login.php endpoint to retrieve data. Documents consistently tie this to SQL injecti...
CVE-2023-2544 Authorization Bypass on UPV PEIX
Authorization bypass vulnerability in UPV PEIX, affecting the component "pdfcurrinew.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users...
How to get delivery group published name/assigned users detail information via Powershell command
Get delivery group published name/assigned users/Desktops detail information via Powershell command...
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Impact: An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as...
Design/Logic Flaw
The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers...
smb-ls NSE Script
Attempts to retrieve useful information about files shared on SMB volumes. The output is intended to resemble the output of the UNIX ls command. Script Arguments: smb-ls.path: the path, relative to the share, to list the contents from (default: root of the share); smb-ls.pattern: the search pattern to...