SQL Injection

CakePHP is vulnerable to SQL Injection attacks. The vulnerability exists in limit and offset functions of Query.php due to unsantized user input which allows an attacker to inject and execute arbitrary SQL queries...

CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...

Sophos Web Appliance 4.3.0.2 Remote Command Injection

Exploit Title: Sophos Web Appliance reporting JSON trafficType Remote Command Injection Vulnerablity Date: 01/28/2017 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link: sophos.com/en-us/products/secure-web-gateway.aspx Version: 4.3.0.2 Tested on: 4.3.0.2 CVE :...

Encore ENPS-2012 - Cross-Site Scripting

GotGeek Labs http://www.gotgeek.com.br/ Encore ENPS-2012 Cross-site Scripting Vulnerability + Description Encore 3-Port Print Server converts a standalone USB or a parallel printer into a shared printer, through a wired Ethernet connection. As a result, you can save the cost and space for...

ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit

No description provided by source. ?/ File: shoutbox.php Affects: ShoutPro 1.5.2 may affect earlier versions Date: 17th April 2007 Issue Description: =========================================================================== ShoutPro 1.5.2 fails to fully sanitize user input $shout that it writes...