159 matches found
EUVD-2009-3239
Malware in sbrugna...
EUVD-2018-17313
Malware in sbrugna...
EUVD-2022-3656
Malicious code in bioql PyPI...
CVE-2019-8954
In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter in conjunction with the id parameter in an updjxcode=true action to the ndxzstudio/?a=system URI...
Exploit for SQL Injection in Valvepress Automatic
CVE-2024-27956-RCE File Package Contents: 1. exploit.py...
K23024812: BIG-IP APM vulnerability CVE-2018-5544
Security Advisory Description When the BIG-IP APM system renders certain pages with a logon agent or a confirm box, the system may disclose configuration information such as partition and agent names via URI parameters. CVE-2018-5544 Impact This vulnerability allows unauthorized disclosure of...
CVE-2022-35740
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...
Genivia gSOAP WS-Addressing plugin code execution vulnerability redux
Talos Vulnerability Report TALOS-2021-1245 Genivia gSOAP WS-Addressing plugin code execution vulnerability redux March 24, 2021 CVE Number CVE-2021-21783 Summary A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP...
CVE-2018-20243
The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in fineract jira issues 726 and 629...
Mail.ru: SQL Injection at https://lite.r-keeper.ru/site_api/clients/derision/?lang=ru
SQL Injections in lite.r-keeper.ru due to unsafe usage of URI parameters...
PT-2020-12072 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/edit-category.php by adding a question mark ?...
Default configuration
When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages with a logon agent or a confirm box, the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters...
CVE-2018-5544
When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages with a logon agent or a confirm box, the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters...
CVE-2018-5544
CVE-2018-5544 affects F5 BIG-IP APM rendering pages with a logon agent or confirm box, potentially disclosing configuration details (partition/agent names) via URI parameters. Affected: BIG-IP APM 13.0.0–13.1.1 (also 12.1.0–12.1.3 per advisory table). 12.x is not vulnerable per the table; 14.x fi...
OpenResty Access Restriction Bypass Vulnerability
OpenResty is a high-performance Web platform based on Nginx and Lua that integrates a large number of sophisticated Lua libraries, third-party modules and most of their dependencies. An access restriction bypass vulnerability exists in OpenResty versions prior to 1.13.6.1. The...
Design/Logic Flaw
DISPUTED In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application...
CVE-2018-9230
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...
CVE-2018-9230
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...
Mail.ru: XSS vulnerability
Reflected XSS in https://account.mail.ru/signup via URI GET parameters...
PG All Share Video 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PG All Share Video 1.0 - SQL Injection Vendor Homepage: http://www.pilotgroup.net/ Software Link: http://www.allsharevideo.com/features.php Demo: http://demo.allsharevideo.com/ Version: 1.0 Category: Webapps Tested on:...