CVE-2025-44203
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...
CVE-2025-44203
HotelDruid 3.0.7 is affected. An unauthenticated attacker can trigger information disclosure by causing verbose SQL error messages in creadb.php before pressing the 'create database' button. Malformed POST requests to the endpoint may reveal administrator credentials: username, password hash, and...
Exploit for Uncontrolled Resource Consumption in Digitaldruid Hoteldruid
CVE-2025-44203 HotelDruid 3.0.0 / 3.0.7 Sensitive Information...
CVE-2022-30875
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page...
CVE-2010-4753
Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message...
CVE-2010-2854
Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL erro...
CVE-2010-2722
Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artistid parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the...
CVE-2010-1339
Cross-site scripting (XSS) vulnerability in tsother.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message...
CVE-2010-1076
Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...
Citrix Provisioning - Configuration Wizard fails after upgrade to 2503
PVS Configuration Wizard fails with errors after PVS upgrade to version 2503. ConfigWizard.log located in C:\ProgramData\Citrix\Provisioning Services\Log on the PVS Server shows: ERROR:SqlException caught, Number = 207, Message = Invalid column name 'isXsProxyConfigRequired'. Updating server...
BIT-DOLIBARR-2022-30875
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page...
BIT-SUPERSET-2024-27315 Apache Superset: Improper error handling on alerts
An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect Vulnerabilities
Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities. Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 Exploit Author: Andrey Stoykov Version: 9.2.7 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com...
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect
Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 Date: 4/2024 Exploit Author: Andrey Stoykov Version: 9.2.7 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Verbose Error Message - Stack Trace: 1. Directly browse to edit profile page 2. Error should come up with verbose stack...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0083-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
CVE-2024-27315
Summary: CVE-2024-27315 affects Apache Superset and is caused by improper error handling when an authenticated user with privileges to create Alerts triggers a database error via a crafted SQL statement, potentially exposing data in error logs. Affected versions: before 3.0.4 and 3.1.0 before 3.1...
Easy Forms for Mailchimp < 6.8.9 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. When the debug setting is enabled, i.e....
File Upload Filter Bypass
Description: A sanitization filter bypass in plupload.php in MicroweberCMS v1.3.1 allows remote authenticated attackers to upload files outside the restricted location. The target $path for the image is being sanitized here (PHP): $path_restirct = userfiles_path(); if (isset($_REQUEST['path']) and...
Missing length validation of user displayname allows to generate an SQL error
None...
CVE-2021-39018
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...