1666 matches found
CVE-2019-14254
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become...
CVE-2019-14254
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become...
CVE-2016-10888
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues...
CVE-2018-5404 The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges 'User Console Only' role to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. A...
CVE-2018-16137
An issue was discovered in the Web Management Console in IPBRICK OS 6.3. There are multiple SQL injections...
Sql injection
An issue was discovered in the Web Management Console in IPBRICK OS 6.3. There are multiple SQL injections...
CVE-2018-16137
An issue was discovered in the Web Management Console in IPBRICK OS 6.3. There are multiple SQL injections...
bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
This script will try to find: the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ... an old server which still running the same inactive and unmaintained website, not receiving active traffic because the A DNS record is not pointing towards it. Because it's an...
Ticketly 1.0 - kind_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Ticketly 1.0 – Multiple SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...
CVE-2018-3885
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The orderby parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger thes...
SQL Injection
phpMyFAQ/phpMyFAQ is vulnerable to SQL Injections. The library does not properly escape parameters in the SQL query executed by the restore function, allowing malicious users to inject and execute arbitrary SQL queries...
ASUSTOR ADM <= 3.1.2.RHG1 Multiple Vulnerabilities - Active Check
ASUSTOR ADM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:asustor:adm"; if description...
WordPress Redirection 2.7.3 Remote File Inclusion
Details ================ Software: Redirection Version: 2.7.3 Homepage: https://wordpress.org/plugins/redirection/ Advisory report: https://advisories.dxw.com/advisories/ace-file-inclusion-redirection/ CVE: Awaiting assignment CVSS: 9 High; AV:N/AC:L/Au:S/C:C/I:C/A:C Description ================...
CVE-2018-12055
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contactus.php, faq.php, about.php, photogallery.php, privacy.php, and so on...
CVE-2018-12055
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contactus.php, faq.php, about.php, photogallery.php, privacy.php, and so on...
CVE-2018-6308
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the defaultcurrencyname parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate...
Debian DSA-4090-1 : wordpress - security update
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting XSS and Server-Side Request Forgery SSRF attacks, as well as bypass some access restrictions. C Tenable Network Security, Inc. The...
Debian: Security Advisory (DSA-4090-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Excerpts from The Ransomware Economy: Projections
Carbon Black recently published an investigative report on the Dark Web marketplace for ransomware. This is the final excerpt from that report, which you can find here. For more information about the rise of ransomware, and what you can do about it, check out the Ransomware Epidemic: Stop Bad...
[SECURITY] [DSA 3997-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3997-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 10, 2017 https://www.debian.org/security/faq -...