2121 matches found
SQL injection
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backupdate parameter before using it in a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion...
CVE-2021-24866 WP Data Access < 5.0.0 - Admin+ SQL Injection
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backupdate parameter before using it in a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion...
WPcalc <= 2.1 - Authenticated SQL Injection
The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. Plugin author closed the plugin. PoC http://www.example.com/wp-admin/admin.php?page=wpcalc=del=1 AND SELECT 7156 FROM SELECTSLEEP5MIkl or, usin...
Open Redirect in openwhyd/openwhyd
Description This vulnerability was discovered in Here by @mdakh404. However, it is not patched properly and I bypassed with a simple trick. diff r.html = mainTemplate.renderWhydPager; // call the adequate renderer - if r.redirect response.redirectr.redirect; + if r.redirect...
CVE-2021-24860 BSK PDF Manager < 3.1.2 - Admin+ SQL Injection
The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue...
CVE-2021-24755 myCred < 2.3 - Subscriber+ SQL Injection
The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user...
SQL injection
The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameters before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...
Debian: Security Advisory (DLA-2824-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2824-1] firebird3.0 security update
Debian LTS Advisory DLA-2824-1, https://www.debian.org/lts/security/, Sylvain Beucler, November 20, 2021, https://wiki.debian.org/LTS ...
Missing Emergency Pause Check
Handle defsec Vulnerability details Impact During the manual code review, it has been observed that minting progress is not checked when the contract is emergency paused. This can cause misfunctionality and unlocking user funds during the emergency pausing. Proof of Concept 1- Navigate to ""...
StopBadBots < 6.67 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection. PoC: GET / HTTP/1.1 User-Agent: Zongbot' where id = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'-- - Accept:...
CVE-2020-23904
A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program...
Stack overflow
A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program...
Overflow/crash in `tf.range`
Impact: While calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the...
CVE-2021-24625
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category...
SQL injection
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category...
CVE-2021-24791 Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections
The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections...
CVE-2021-24625 SpiderCatalog <= 1.7.3 - Admin+ SQL Injection
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category...
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection. PoC...
Can't claim last part of airdrop
Handle gpersoon Vulnerability details Impact Suppose you are eligible for the last part of your airdrop or your entire airdrop if you haven't claimed anything yet. Then you call the function claim of AirdropDistribution.sol, which has the following statement: "assertairdropmsg.sender.amount -...