6 matches found
CVE-2018-25402 The Open ISES Project 3.30A SQL Injection via inc_types_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc_types_graph.php with crafted SQL payloads to extract sensitive...
CVE-2025-1726 [#BUG-000172669 ArcGIS Monitor has a security vulnerability]
There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some...
Pimcore Demo Allows GraphQL Introspection
Introspection is enabled on demo.pimcore.fun. The demo site has GraphQL as a feature for users, but allows users to run introspection queries, which presents a potential schema information disclosure vulnerability...
PT-2023-31900 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/demo versions prior to 10.3.0 Description: The issue concerns excessive data query operations in a large data table. Additionally, introspection is enabled on the demo site demo.pimcore.fun, which allows users to run introspection...
MYSQL Schema Dump
This module extracts the schema information from a MySQL DB server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'yaml' class MetasploitModule 'MYSQL Schema Dump', 'Description' = %Q This module extracts th...
ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability
ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-001 January 7, 2010 -- CVE ID: CVE-2009-4486 -- Affected Vendors: Novell -- Affected Products: Novell iManager -- Vulnerability Details: This vulnerability allows...