5 matches found
CVE-2025-48208 Apache HertzBeat (incubating): Jmx JNDI injection vulnerability
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary...
PT-2024-26625 · Bestwebsoft · Contact Form To Db
Name of the Vulnerable Software and Affected Versions: Contact Form to DB by BestWebSoft versions 1.7.2 and earlier. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation...
PT-2023-18522 · Nextcloud · Nextcloud Deck
Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.6.5; Nextcloud Deck versions prior to 1.7.3; Nextcloud Deck versions prior to 1.8.2. Description: Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams...
PT-2021-23668
Name of the Vulnerable Software and Affected Versions: shell-quote versions prior to 1.7.3. Description: The issue allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a...
Technical Details of BadBlue EXT.DLL Vulnerability
Several days ago, I reported a vulnerability in the EXT.DLL ISAPI of BadBlue. BadBlue 1.7.3 has now been released by the vendor Working Resources at http://www.badblue.com/down.htm for administrators to upgrade their systems. The vulnerability exists in how EXT.DLL sanitizes input for HTX/HTS...