19 matches found

RedhatCVE
added 2026/01/09 12:29 p.m. · 3 views

CVE-2023-40946

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php...

CVSS 9.8 · AI score 8 · EPSS 0.00056
Exploits 1 · References 1

EUVD
added 2025/12/23 12:30 a.m. · 1 view

EUVD-2023-60228

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute...

CVSS 9.8 · AI score 7.2 · EPSS 0.00182
Exploits 2 · References 5

Vulnrichment
added 2025/12/22 9:35 p.m. · 1 view

CVE-2023-53966 SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute...

CVSS 9.8 · AI score 7.4 · EPSS 0.00182
Exploits 2 · References 4

Positive Technologies
added 2025/12/22 12:00 a.m. · 2 views

PT-2025-52703

Name of the Vulnerable Software and Affected Versions SOUND4 LinkAndShare Transmitter version 1.1.2 Description SOUND4 LinkAndShare Transmitter version 1.1.2 contains a format string vulnerability. This allows attackers to trigger memory stack overflows through maliciously crafted environment...

CVSS 9.8 · AI score 7.4 · EPSS 0.00182
Exploits 2 · References 9

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-11931

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.00504
Exploits 0 · References 2

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-31576

Malicious code in bioql PyPI...

AI score 6.6 · EPSS 0.03211
Exploits 1 · References 2

NVD
added 2024/11/12 5:15 p.m. · 16 views

CVE-2024-52010

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

CVSS 8.6 · EPSS 0.00901
Exploits 0 · References 3

Cvelist
added 2024/11/12 4:06 p.m. · 19 views

CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

CVSS 8.6 · EPSS 0.00901
Exploits 0 · References 3

CVE
added 2024/04/29 12:00 a.m. · 69 views

CVE-2023-52723

In KDE libksieve, vulnerable component is kmanagesieve/session.cpp where a username variable is accidentally assigned a password value, causing cleartext credentials to be written to server logs. Affected product/version: libksieve prior to 23.03.80. Reported impact: potential exposure of user pa...

CVSS 7.1 · AI score 6.8 · EPSS 0.0008
Exploits 0 · References 5

Positive Technologies
added 2023/11/07 12:00 a.m. · 1 view

PT-2023-24354 · Unknown · Remote Clinic

Name of the Vulnerable Software and Affected Versions: RemoteClinic version 2.0 Description: The issue is a SQL injection vulnerability located in the /staff/edit.php file. This vulnerability can be exploited through the username and password variables. Recommendations: For RemoteClinic version...

CVSS 9.8 · AI score 7.7 · EPSS 0.00352
Exploits 1 · References 4

Vulnrichment
added 2023/07/06 2:53 p.m. · 8 views

CVE-2023-25104

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

CVSS 7.2 · AI score 8.2 · EPSS 0.00262
Exploits 1 · References 1

Positive Technologies
added 2022/11/23 12:00 a.m. · 1 view

PT-2022-27113 · Boa · Boa

Name of the Vulnerable Software and Affected Versions: Boa version 0.94.14rc21 Description: The issue concerns SQL Injection via the username variable. However, it is noted that this vulnerability is disputed by multiple third parties because Boa does not ship with any support for SQL...

CVSS 9.8 · AI score 8.2 · EPSS 0.00334
Exploits 0 · References 6

Veracode
added 2022/02/28 8:09 a.m. · 20 views

Cross-site Scripting (XSS)

Apache JSPWiki is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization on the user preference page via the UserName variable...

CVSS 6.1 · AI score 2 · EPSS 0.04453
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2022/01/28 7:10 p.m. · 5 views

CVE-2021-40408

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. Th...

CVSS 9.1 · AI score 10 · EPSS 0.01559
Exploits 1 · References 1

Exploit DB
added 2010/08/23 12:00 a.m. · 26 views

AneCMS - '/registre/next' SQL Injection

Exploit Title: anecms SQli Date: 23/08/2010 Author: Sweet Contact : [email protected] Software Link: anecms.com Download: anecms.com/anecms.zip Version: All Tested on: WinXp sp3 Description : anecms is an open source blog manager...

AI score 7.4
Exploits 0

Packet Storm
added 2010/08/23 12:00 a.m. · 22 views

AneCMS SQL Injection

Exploit Title: anecms SQli Date: 23/08/2010 Author: Sweet Contact : [email protected] Software Link: anecms.com Download: anecms.com/anecms.zip Version: All Tested on: WinXp sp3 Description : anecms is an open source blog manager Sqli: The POST variable username has been set to sweet'" on...

AI score 0.3
Exploits 0

Zero Day Initiative
added 2009/08/18 12:00 a.m. · 31 views

Oracle Secure Backup Administration Server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port...

CVSS 10 · AI score 4.9 · EPSS 0.83932
Exploits 8 · References 1

seebug.org
added 2008/07/02 12:00 a.m. · 23 views

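Foosun (风讯) API_Response.asp Injection Vulnerability

In API/APIResponse.asp the variable username is passed without filtering and used in a SQL statement, which results in injection. If CheckPost Then Select Case Act Case "checkname" 'triggers the injection Checkname The CheckPost function is defined at lines 73-96, where username gets its value; the code is as follows: XmlDoc.documentElement.selectSingleNode"username" The Checkname function is at lines 233-254; the code is as follows: Sub Checkname Dim UserEmail Dim Temptr,i,Rs,Sql UserEmail =...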

AI score 7.1
Exploits 0

Packet Storm
added 2008/03/26 12:00 a.m. · 23 views

aeries-sqlxss.txt

Discovered By : Arsalan Emamjomehkashan aeries browser interfaceABI 3.8.3.14 Remote SQL Injection Website:http://aeries.com/ SQL injection: GradebookOptions.asp?GrdBk=SQL loginproc.asp If you post variable "SchlCode" XSS: UserName variable on loginproc.asp and usr on Login.asp...

AI score 7.4
Exploits 0