11 matches found
CVE-2026-39957
Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull('usergroupid') clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...
EUVD-2017-6096
Malware in sbrugna...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.24-openssl (SUSE-SU-2025:03158-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03158-1 advisory. Update to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged...
CVE-2017-14595
Joomla! prior to 3.8.0 contains CVE-2017-14595: a logic bug in an SQL query that could disclose article intro texts for archived articles. Affected versions: 3.7.0–3.7.5. Remediation: upgrade to version 3.8.0 or later (patched). Exploitation details are not described in the provided documents.
PostNuke Module v4bJournal - Remote SQL Injection Vulnerability
No description provided by source. PostNuke Journal. DISCOVERED BY: Ali Abbasi Olom Fonon Mazandaran University - Security Research Center, Babol, Iran Greetz For All Y! UnderGround Group Members www.2600.ir Greetz F...
WebSihirbazi 5.1.1 (pageid) Remote SQL Injection Vulnerability
No description provided by source. Title: websihirbazi v5.1.1 Remote Blind SQL Injection Vulnerability. AUTHOR: bypas...
endonesia84-sql.txt
Application: eNdonesia 8.4; Web Site: http://www.endonesia.org/; Versions: all; Platform: linux, windows; Bug: multiple injection sql; Fix Available: no. 1 Introduction 2 Bug 3 proof of concept. 1 Introduction: "eNdonesia 8.4...
fusetalkautherror-xss.txt
Hello everyone, After trying to report a SQL bug autherror.cfm to FuseTalk, and seeing them providing patches to customers dropping new fixed .cfm files in a private place reserved to customers without giving proper credits and without reporting them publicly we were following the Full Disclosure...
pnv4b-sql.txt
PostNuke Journal. DISCOVERED BY: Ali Abbasi Olom Fonon Mazandaran University - Security Research Center, Babol, Iran Greetz For All Y! UnderGround Group Members www.2600.ir Greetz For All Persian Bugtraq Members...
PostNuke Module v4bJournal - SQL Injection
PostNuke Journal. DISCOVERED BY: Ali Abbasi Olom Fonon Mazandaran University - Security Research Center, Babol, Iran Greetz For All Y! UnderGround Group Members www.2600.ir...
IBM DB2 SQL DOS
1. Description: The DB2 Universal Database builds upon the stability and performance of DB2 on the mainframe and provides the features required in a distributed database product. DB2 Universal Database UDB is IBM's relational database server solution for the UNIX, OS/2 and Windows NT/2000 operating...