PT-2025-51260

Name of the Vulnerable Software and Affected Versions Frappe ERPNext versions through 15.89.0 Description An issue exists in Frappe ERPNext that allows an attacker to extract arbitrary data from the database. The get outstanding reference documents function, located at...

CVE-2024-54153

In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter...

pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...

pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...

WordPress 插件 SQL注入漏洞

WordPress Plugin is an open source application plugin for WordPress. An SQL injection vulnerability exists in CleanTalk WordPress Plugin versions prior to 5.153.4, which originates from an update log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php that contains a vulnerable query. An attacker...

hik-connect.com / ezvizlife.com Authentication Bypass

There is a full write up of this bug here: https://medium.com/@evstykas/hackvision-8f50924e56d Vulnerability Security Advisory ======================================================================= title: No validation on cookie values product: hik-connect.com and ezvizlife.com vulnerable versio...

coppermine photo gallery <= 1.4.22 Multiple Vulnerabilities

No description provided by source. Author: girex Site: http://girex.altervista.org/ CMS: Coppermine Photo Gallery = 1.4.22 Coppermine Foto Gallery suffers from different vulnerabilities. There is a Local File Inclusion and a Blind SQL Injection working with registerglobals = On and magicquotesgpc...

1024 CMS &lt;= 1.4.2 Local File Inclusion / Blind SQL Injection Exploit

No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 13/04/2008 CMS: 1024 CMS = 1.4.1 and 1.4.2 beta Site: 1024cms.com Bug1: Local File Inclusion Need: magicquotesgpc = Off / registerglobals = On Bug2: Cookie Blind SQL Injection Exploit: Admin Hash Retrieve Exploit...

toppermod20-sql.txt

Author: GiReX mySite: girex.altervista.org CMS: TopperMod v2.0 Site: rtcw.ch/mio/index.php Bug: SQL Injection Type: 1 - Priviledge Escalation from user to mod 2 - Remote user password change File: /account/index.php Var : $localita Need: magicquotesgpc = Off You must be logged in Vuln Code:...

TopperMod 2.0 Remote SQL Injection Vulnerability

No description provided by source. Author: GiReX mySite: girex.altervista.org CMS: TopperMod v2.0 Site: rtcw.ch/mio/index.php Bug: SQL Injection Type: 1 - Priviledge Escalation from user to mod 2 - Remote user password change File: /account/index.php Var : $localita Need: magicquotesgpc = Off You...

TopperMod 2.0 - SQL Injection

TopperMod 2.0 - SQL Injection Author: GiReX mySite: girex.altervista.org CMS: TopperMod v2.0 Site: rtcw.ch/mio/index.php Bug: SQL Injection Type: 1 - Priviledge Escalation from user to mod 2 - Remote user password change File: /account/index.php Var : $localita Need: magicquotesgpc = Off You must...

TopperMod 2.0 - SQL Injection

Author: GiReX mySite: girex.altervista.org CMS: TopperMod v2.0 Site: rtcw.ch/mio/index.php Bug: SQL Injection Type: 1 - Priviledge Escalation from user to mod 2 - Remote user password change File: /account/index.php Var : $localita Need: magicquotesgpc = Off You must be logged in Vuln Code:...