23 matches found
EUVD-2026-43255
A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...
CVE-2026-15514
A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...
CVE-2026-52810
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...
CVE-2026-52810
CVE-2026-52810 affects Gogs (Git self-hosted) where the authorization policy is derived from the client-supplied service parameter (e.g., service=git-upload-pack) instead of the actual RPC path. Consequently, requests to the write endpoint /repo.git/git-receive-pack can be treated as read, while ...
CVE-2026-52810 Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...
CVE-2026-33005
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID metadata only NOT contents. Metadata includes id, type, name and some other field. Full list of fields...
CVE-2025-57213
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request...
EUVD-2008-7096
Malware in sbrugna...
EUVD-2017-18045
Malware in sbrugna...
EUVD-2023-34863
Malicious code in bioql PyPI...
CVE-2024-51473
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...
PT-2025-17878 · WordPress · Shoplentor
Name of the Vulnerable Software and Affected Versions: The ShopLentor plugin for WordPress versions up to, and including, 3.1.2 Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application, potentially querying and...
389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...
CVE-2020-27782
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...
rubygems: DNS hijacking vulnerability
A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a rubygems.tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain...
Windows Services Stop
If the Windows services got started manually by a VT then stop those services at the end of a scan. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
dns-service-discovery NSE Script
Attempts to discover target hosts' services using the DNS Service Discovery protocol. The script first sends a query for services.dns-sd.udp.local to get a list of services. It then sends a followup query for each one to try to get more information. Script Arguments max-newtargets, newtargets See...
CVE-2008-5277
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service daemon crash via a CH HINFO query...
CVE-2004-0096
Unknown vulnerability in modpython 2.7.9 allows remote attackers to cause a denial of service httpd crash via a certain query string, a variant of CAN-2003-0973...
CVE-2004-0096
Unknown vulnerability in modpython 2.7.9 allows remote attackers to cause a denial of service httpd crash via a certain query string, a variant of CAN-2003-0973...