Lucene search

48 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-6629

Malware in sbrugna...

CVSS 8.8 | AI score 8.5 | EPSS 0.00473
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-4341

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00396
Exploits 1 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2006-0597

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00462
Exploits 1 | References 4
CVE
added 2025/06/24 7:23 p.m. | 21 views

CVE-2025-49853

CVE-2025-49853 affects ControlID iDSecure On-premises versions 4.7.48.0 and prior. Root cause is an SQL injection vulnerability that could leak arbitrary information and allow insertion of arbitrary SQL syntax into queries, impacting confidentiality and integrity (CVSS 3.1/4.0 CRITICAL). Remediat...

CVSS 9.3 | AI score 7.4 | EPSS 0.00193
Exploits 0 | References 1 | Affected Software 1
NVD
added 2023/08/02 1:15 p.m. | 6 views

CVE-2023-26443

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...

CVSS 9.8 | AI score 7 | EPSS 0.00062
Exploits 0 | References 4
Exploit DB
added 2023/03/27 12:0 a.m. | 171 views

Aero CMS v0.0.1 - SQL Injection (no auth)

Exploit Title: Aero CMS v0.0.1 - SQL Injection no auth Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://github.com/MegaTKC/AeroCMS Software Link: https://github.com/MegaTKC/AeroCMS Version: 0.0.1 Tested on: Windows 10 using...

AI score 7.4
Exploits 0
Hacker One
added 2021/07/15 8:36 a.m. | 19 views

U.S. Dept Of Defense: SQL injection located in `███` in POST param `████████`

Hey DoD security team! I was able to exploit an SQL injection 1 in one of your domains. Description An SQL injection 1 was discovered in domain https://████████/██████ in the parameter ██████████. The SQL injection was located in a WHERE statement followed by an INT value. The vulnerable parameter...

AI score 0.1
Exploits 0
Cvelist
added 2021/01/22 8:30 a.m. | 11 views

CVE-2021-22847 Hyweb HyCMS-J1 - SQL Injection

Hyweb HyCMS-J1's API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege...

CVSS 8.8 | AI score 9.4 | EPSS 0.01142
Exploits 0 | References 1
OSV
added 2020/07/29 1:15 p.m. | 1 views

CVE-2020-14493

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands...

CVSS 8.8 | AI score 6 | EPSS 0.00473
Exploits 0 | References 1
Prion
added 2020/07/29 1:15 p.m. | 9 views

Command injection

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands...

CVSS 6.5 | AI score 9.2 | EPSS 0.00473
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/07/29 12:27 p.m. | 15 views

CVE-2020-14493 OpenClinic GA

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands...

CVSS 8.8 | AI score 9 | EPSS 0.00473
Exploits 0 | References 1
Hacker One
added 2020/01/30 10:14 a.m. | 150 views

Mail.ru: [windows10.hi-tech.mail.ru] Blind SQL Injection

Good morning! Today I managed to find a blind SQL injection on your site, though it looks like it is out of scope again URL: https://windows10.hi-tech.mail.ru/api/tweets?cityid=select0fromselectsleep25v Request: GET /api/tweets?cityid=select0fromselectsleep25v HTTP/1.1 Host: windows10.hi-tech.mail.ru User-Agent: Mozilla/5.0 X1...

AI score 0.3
Exploits 0
Prion
added 2019/06/07 5:29 p.m. | 8 views

Cross site scripting

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php...

CVSS 3.5 | AI score 5.2 | EPSS 0.00278
Exploits 1 | References 3 | Affected Software 1
exploitpack
added 2019/02/15 12:0 a.m. | 30 views

qdPM 9.1 - search_by_extrafields[] SQL Injection

qdPM 9.1 - searchbyextrafields SQL Injection Exploit Title: qdPM 9.1 - 'searchbyextrafields' SQL Injection Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...

AI score 0.2
Exploits 0
Hacker One
added 2018/06/29 8:39 p.m. | 62 views

Hanno's projects: blind sql injection

Summary: There exists a possibility that your Serendipity installation is vulnerable to a blind sql injection. Description: By sending specially crafted SQL commands to /plugin/tag/ and timing how long it takes for the server to respond, it is quite possible that the blog backend is interpreting...

AI score 0.1
Exploits 0
exploitpack
added 2018/05/17 12:0 a.m. | 16 views

NodAPS 4.0 - SQL injection Cross-Site Request Forgery

NodAPS 4.0 - SQL injection Cross-Site Request Forgery Exploit Title: Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery Date: 2018-05-16 Exploit Author: Borna nematzadeh L0RD Vendor Homepage:...

AI score 0.4
Exploits 0
0day.today
added 2017/05/31 12:0 a.m. | 32 views

Piwigo Plugin Facetag 0.0.3 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Facetag Extension in Piwigo, Multiple SQL injection Date: 30-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author:...

AI score 7.1
Exploits 0
seebug.org
added 2015/03/25 12:0 a.m. | 41 views

Tongda OA 2013: another bizarre injection (DBA)

Brief description: Speechless... Detailed description: Logged in to the trial demo on the official site: http://www.day900.com/ Found this: http://www.day900.com/general/crm/apps/crm/include/search.php?ENTITY=crmmarketing&PAGESIZE=10&CURPAGE=&ORDERFIELD=&ORDERTYPE=&USERVIEW=1706 payload:ENTITY=crmmarketing' It returned this: 请联系管理员 错误1064: You have an error in your SQL syntax; check the...

AI score 7.4
Exploits 0
Hacker One
added 2014/07/07 9:2 p.m. | 15 views

Localize: PHP PDOException and Full Path Disclosure

hi phrasekey, again! in phraseChange action if set to array pdo quote show error! line 755 index.php Warning: PDO::quote expects parameter 1 to be string, array given in /srv/data/web/vhosts/www.localize.im/htdocs/classes/Database.php on line 30 Fatal error: Uncaught exception 'PDOException' wit...

Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 25 views

ACC IMoveis 4.0 - SQL Injection Vulnerability

No description provided by source. Exploit Title : iMoveis SQL Injection Vulnerability Date : 26/10/2010 Author : EraGoN Software link : http://baixar7.com/download/acc-imoveis-script-php.rar/3d1e7bf4b9 Version : 1.1 Tested on : Linux / Windows XP Dork : inurl:imoveis.php?id= Error You have an...

AI score 7.1
Exploits 0