CVE-2024-27287

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...

SQL Injection

intelliants/subrion is vulnerable to SQL Injection. The vulnerability is due to unsanitized user-controlled data used while constructing a query. This allows attackers to manipulate sql queries and execute arbitrary sql commands...

Command injection

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...

SQL Injection in Zingbox Inspector

An SQL injection vulnerability exists in the Zingbox Inspector management interface that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Ref: CVE-2019-15016 The vulnerability allows for authenticated users to pass unsanitized commands ...

WordPress Pondol Form to Mail Plugin <= 1.1 - Cross Site Scripting (XSS)

Because of this vulnerability, the variable itemid appears to send unsanitized data back to the users browser. Vulnerable file is pondol-formmail/pages/admin-mail-info.php. Solution Update the plugin...

phpRPC 0.7 - Remote Code Execution

phpRPC 0.7 - Remote Code Execution phpRPC Remote Code Execution Vendor: Robert Hoffman Product: phpRPC Version: = 0.7 Website: http://sourceforge.net/projects/phprpc/ BID: 16833 CVE: CVE-2006-1032 OSVDB: 23514 SECUNIA: 19028 PACKETSTORM: 44267 Description: phpRPC is meant to be an easy to use...

PHPXMLRPC &lt; 1.1 - Remote Code Execution

PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-R...

Ibrahim Ã?AKICI Okul Portal 2.0 Haber_Oku.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24379/info Ibrahim Ã?AKICI Okul Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue by...

PEAR XML_RPC Remote Code Execution Vulnerability

GulfTech Security Research June 29th, 2005 Vendor : The PEAR Group URL : http://pear.php.net/package/XMLRPC/ Version : PEAR XMLRPC 1.3.0 && Earlier Risk : Remote Command Execution Description: PEAR XMLRPC is a PHP implementation of the XML-RPC web RPC protocol, and used by many different develope...

BookReview 1.0 Multiple Script XSS

The remote host is running the BookReview software. The remote version of this software is vulnerable to multiple cross-site scripting attacks due to a lack of sanitization of user-supplied data. Successful exploitation of this issue may allow an attacker to use the remote server to perform an...