14 matches found
CVE-2008-6992
GreenSQL Firewall greensql-fw, possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL...
EUVD-2008-6951
Malware in sbrugna...
EUVD-2023-32126
Malicious code in bioql PyPI...
Sql injection
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds...
CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
Wallarm NG WAF is ranked as a “High Performer” by G2, Spring 2021!
We are proud to announce that Wallarm NG WAF was ranked as a “High performer” by G2 in the Web Application Firewall category. This award from the G2 platform confirms that our solution is highly rated by current verified Wallarm WAF users, who left unbiased reviews and answers to WAF-related...
SmartBlog 2.0.1 Blind SQL Injection
Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...
researchutilization.org XSS vulnerability
Open Bug Bounty ID: OBB-447267 Description| Value ---|--- Affected Website:| researchutilization.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
The Bash Vulnerability: How to Protect your Environment
A recently discovered hole in the security of the Bourne-Again Shell bash has the majority of Unix/Linux including OS X admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts...
Sql injection
GreenSQL Firewall greensql-fw, possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL...
World Association of Newspapers SQL Injection Exploit
!/usr/bin/python This was written for educational purpose only. Use it at your own risk. Author will be not responsible for any damage! !!! Special greetz for my friend sinner01 !!! !!! Special thanx for d3hydr8 and rsauron who inspired me !!! . . | / | | \ \ | / / |\ \ \ |/ // / /\ \ / |/ \ / //...
PHP-Nuke Platinum 7.6.b.5 (dynamic_titles.php) SQL Injection Exploit
No description provided by source. !/usr/bin/perl Inphex use LWP::UserAgent; use LWP::Simple; use IO::Socket; use Switch; PHP-Nuke Platinum , ForumsStandart - magicquotesgpc = OFF , SQL Injection nukeusers Structure: userid name username useremail femail userwebsite useravatar userregdate usericq...
PHP-Nuke Platinum 7.6.b.5 (dynamic_titles.php) SQL Injection Exploit
Exploit for unknown platform in category web applications ==================================================================== PHP-Nuke Platinum 7.6.b.5 dynamictitles.php SQL Injection Exploit ==================================================================== !/usr/bin/perl Inphex use...
Sql injection
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "" backslash byte 0x5c to be the trailing byt...