DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.
c59f5b4f5d044eb7838a408a25e1ddb8966666ed55c708660903f015ccf7e1b5
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.
635f60dcea426f833c149bf378a0e8ce1585c3548641f81eb1702cf39c8c50de
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.
4d58e0287f76d2e5689e86c7f6907829d0e768e9a60e0f2ac317c9153ee4e3b6
Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.
94d4f83975f87861e5de23afeddf375d89516755bb5f7b64deb215523821ad76
A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.
2d1220fa63bd54538247325712a8d4f836dcc60733d8cebe63cd721eb6755ba9
User Registration and Login and User Management System version 3.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d7b9220fd1f8abc396db42df756fbc5a76abf3925bf5357e6721975e8781e9cb
WordPress Membership for WooCommerce plugin versions prior to 2.1.7 suffer from a remote shell upload vulnerability.
02cf8f42362fb411dc46a34c050893842dde9be08183674517277a5f694702c4
Computer Laboratory Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
1d0c177652350dd1598803c48c5741b17359e328ac93e414c5c3edf51473fc06
Ubuntu Security Notice 6720-1 - Kentaro Kawane discovered that Cacti incorrectly handled user-provided input sent through request parameters to the graph_view.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks.
72a1060cc659927cdff0d3fabd91138203688e06b807e728473d37ed3e99a9d3
Daily Habit Tracker version 1.0 suffers from a remote SQL injection vulnerability.
cd7b10f9c3d3198234448508b8bd3971e255165331cb45675cc34ec55a085e1c
Employee Management System version 1.0 suffers from additional remote SQL injection vulnerabilities. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
0c0393923d3df1c0633d25e433d1f3d236c329b41f5056207cc820b47be87eae
OpenCart Core version 4.0.2.3 suffers from a remote SQL injection vulnerability.
4e62c24dfb4857453f8503bda030c60fd230c642a59bc3d770a2f4bd0cab12e2
Online Hotel Booking in PHP version 1.0 suffers from a remote blind SQL injection vulnerability.
dba5f6da9bbb1db4830270fe91b72c0f36ec37923f4911d24100811a4c3c40db
Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability.
13eccba4a879951b450e58d70bb5dec815e2134f0c7159328e6dd22fc57f3881
Gentoo Linux Security Advisory 202403-4 - A backdoor has been discovered in XZ utils that could lead to remote compromise of systems. Versions less than 5.6.0 are affected.
5f842a94bf5c0b3dfd7216f05ebba3dbaab462828954555770b288dbf1f50b84
BioTime versions 8.5.5 and 9.0.1 suffer from directory traversal and file write vulnerabilities. This exploit also achieves remote code execution on version 8.5.5.
559624309c6e53a8b2b0a2a02ff69a214f19c0f9c1031ae40784ea114742841e
Gibbon version 26.0.00 suffers from a server-side template injection vulnerability that allows for remote code execution.
1b3c7352aa031d230c3c80c612cd9d93b73f2fc15a2b82894af48bf0b12e4b63
This Metasploit module exploits a buffer overflow in the administration interface (port 8080 or 4117) of WatchGuard Firebox and XTM appliances. The interface is built on a CherryPy Python backend that sends XML-RPC requests to a C binary called wgagent, using the pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91
Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.
38cf97e11373ce1137705690e0184e70046c7384264c09e97f32c832e3026b02
Ubuntu Security Notice 6704-4 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
4c20532debf7fe54f300253a8836c32c86a73b576ba2f48d948c642e26473036
Event Management version 1.0 suffers from a remote SQL injection vulnerability.
5135d01cd318616d2a8b1711363d2378d7b2686ffcd1083f2936d0248e4164fd
Purei CMS version 1.0 suffers from a remote SQL injection vulnerability.
49145a8ded157d117fc08cb54211098512a41f3d792bba94457249d4e633af9c
LMS PHP version 1.0 suffers from a remote SQL injection vulnerability.
049c8de17cf497bf303930585481eadeb964f519906d25f2f09f96d1d4f41c47
Ubuntu Security Notice 6718-2 - USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that curl incorrectly handled memory when limiting the number of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.
254eb20ecc0dee862c1a54519635302b51b16e509db5e12799dbd97629205e05
WinRAR version 6.22 suffers from a remote code execution vulnerability via a malicious zip archive.
c9b468baa4eac879ce098155bfc3889b87ef0d5373ba5a2b473d75bc3f0cb552