PT-2025-5856
Name of the Vulnerable Software and Affected Versions: WhoDB versions prior to 0.45.0 Description: The issue allows an unauthenticated attacker to open any SQLite3 database present on the host machine that the application is running on, due to the lack of path traversal prevention. The database fil...
WhoDB Security Vulnerability
WhoDB is an open-source data browser from clidey. A security vulnerability exists in WhoDB 0.45.0 and earlier versions, which stems from the lack of protection against path traversal, allowing an unauthenticated attacker to open any SQLite3 database on the running host...
BIT-SUPERSET-2023-39265 Apache Superset: Possible Unauthorized Registration of SQLite Database Connections
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...
CVE-2024-51747
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its path entry in the projecthasfiles SQLite db...
Elspec G5 Digital Fault Recorder Improper Handling of Insufficient Permissions or Privileges (CVE-2024-22077)
An issue was discovered in Elspec G5 digital fault recorder. The SQLite database file has weak permissions. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
SQL Injection in default_jsonalyzer via prompt injection leads to arbitrary file creation
Description: The default_jsonalyzer function used in JSONalyzeQueryEngine executes a SQLite query that the LLM made. If the attacker controls the SQLite query with prompt injection and executes a malicious SQLite query, then a denial-of-service attack and arbitrary file creation are possible. Root...
DEBIAN-CVE-2024-51748
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting applicationlanguage in the...
PT-2024-8970 · Kanboard +1
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.42 Description: The issue is related to incorrect restriction of a directory path with limited access in Kanboard project management software. This can allow a remote attacker to read and delete arbitrary files...
PT-2024-8971 · Kanboard +1
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.42 Description: The issue concerns the Kanboard project management software, which focuses on the Kanban methodology. An authenticated Kanboard admin can execute arbitrary PHP code on the server due to a path...
BYOB Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sqlite3' class MetasploitModule 'BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection CVE-2024-45256, CVE-2024-45257', 'Description' = %q Thi...
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
This module exploits two vulnerabilities in the BYOB Build Your Own Botnet web GUI: 1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. 2. CVE-2024-45257: Authenticated command injection in the payload generation page...
CVE-2024-8877
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data. This issue affects Netman 204: through 4.05...
CVE-2024-8877 SQL Injection
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data. This issue affects Netman 204: through 4.05...
CVE-2024-8877
Riello Netman 204 contains a SQL injection in three CGI endpoints: /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi. The Nuclei template details unauthenticated SQLi that lets an attacker modify collected log data. The CVE description confirms the issue is li...
CVE-2024-44739
Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manageuser&id=...
Build Your Own Botnet 2.0.0 Remote Code Execution
Exploit Title: BYOB Build Your Own Botnet v2.0.0 Unauthenticated RCE Remote Code Execution Date: 2024-08-14 Exploit Author: @chebuya Software Link: https://github.com/malwaredllc/byob Version: v2.0.0 Tested on: Ubuntu 22.04 LTS, Python 3.10.12, change numpy==1.17.3-numpy CVE: CVE-2024-?????,...
SUSE CVE-2024-7009
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database...
DEBIAN-CVE-2024-7009
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database...
CVE-2024-7009
CVE-2024-7009 affects Calibre