Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

WebCom CMS 1.0 SQL Injection

WebCom CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
Open in Source
#sql#vulnerability#web#windows#google#auth#firefox
PHPJabbers Night Club Booking 1.0 Cross Site Scripting

PHPJabbers Night Club Booking version 1.0 suffers from a cross site scripting vulnerability.

PHPJabbers Service Booking Script 1.0 Cross Site Scripting

PHPJabbers Service Booking Script version 1.0 suffers from a cross site scripting vulnerability.

PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting

PHPJabbers Availability Booking Calendar version 5.0 suffers from a cross site scripting vulnerability.

RHSA-2023:4466: Red Hat Security Advisory: Satellite 6.13.3 Async Security Update

Updated Satellite 6.13 packages that fixes important security bugs and several regular bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40899: An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. * CVE-2023-0118: An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

CVE-2023-4120: cve/rce.md at main · RCEraser/cve

A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-21412

User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.

CVE-2023-38954: CVE-2023-38954

ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.

Introduction To Web Pentesting

This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.

Joomla JLex GuestBook 1.6.4 Cross Site Scripting

Joomla JLex GuestBook extension version 1.6.4 suffers from a cross site scripting vulnerability.