14 matches found
CVE-2020-12479
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...
EUVD-2018-20771
Malware in sbrugna...
EUVD-2018-12863
Malware in sbrugna...
EUVD-2013-3179
Malware in sbrugna...
EUVD-2016-4206
Malware in sbrugna...
EUVD-2008-3286
Malware in sbrugna...
EUVD-2022-3746
Malicious code in bioql PyPI...
CVE-2025-1735 pgsql extension does not check for errors during escaping
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...
WordPress Finance Consultant Theme <= 2.8 is vulnerable to PHP Object Injection
Software Finance Consultant Type Theme Vulnerable versions = 2.8 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-32293 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID f21e6a47c3bc Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...
CVE-2025-1736
CVE-2025-1736 affects PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. The issue is caused by insufficient validation of end-of-line characters in user-supplied headers, which may prevent certain headers from being sent or cause headers to be misinterpret...
CVE-2024-4258 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
WordPress SpiderCatalog plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress SpiderCatalog plugin 1.7.3 and earlier versions, which stems...
Google AdWords API PHP client library 6.2.0 - Arbitrary PHP Code Execution
Google AdWords API PHP client library 6.2.0 - Arbitrary PHP Code Execution Date: 06.11.2015 Title: Google AdWords API PHP client library = 6.2.0 Arbitrary PHP Code Execution Exploit Author: Dawid Golunski Vendor Homepage: https://developers.google.com/adwords/api/docs/clientlibraries Software Lin...
minibb2-rfi.txt
Title : MiniBB Forum = 2 Remote File Include index.php Discovered By :::: ThE-LoRd-Of-CrAcKiNg MeHdi ------------------------------------------------------------------------ Sorce Code: http://www.minibb.net/download.php?file=minibb20 ----- Affected software description : Application : MiniBB For...