Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Webpay E-Commerce 1.0 SQL Injection

Webpay E-Commerce version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql#vulnerability#web#windows#google#php#auth#firefox
New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. "It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector," cybersecurity

Online Job Portal IN 1.0 SQL Injection

Online Job Portal IN version 1.0 suffers from a remote SQL injection vulnerability.

pgAdmin 8.4 Code Execution

pgAdmin versions 8.4 and earlier are affected by a remote reverse connection execution vulnerability via the binary path validation API.

File Management System 1.0 Cross Site Request Forgery

File Management System version 1.0 suffers from a cross site request forgery vulnerability.

MySQL Authentication Bypass Password Dump

This Metasploit module exploits a password bypass vulnerability in MySQL in order to extract the usernames and encrypted password hashes from a MySQL server. These hashes are stored as loot for later cracking. Impacts MySQL versions: - 5.1.x before 5.1.63 - 5.5.x before 5.5.24 - 5.6.x before 5.6.6 And MariaDB versions: - 5.1.x before 5.1.62 - 5.2.x before 5.2.12 - 5.3.x before 5.3.6 - 5.5.x before 5.5.23.

VICIdial Multiple Authenticated SQL Injection

This Metasploit module exploits several authenticated SQL Inject vulnerabilities in VICIdial 2.14b0.5 prior to svn/trunk revision 3555 (VICIBox 10.0.0, prior to January 20 is vulnerable). Injection point 1 is on vicidial/admin.php when adding a user, in the modify_email_accounts parameter. Injection point 2 is on vicidial/admin.php when adding a user, in the access_recordings parameter. Injection point 3 is on vicidial/admin.php when adding a user, in the agentcall_email parameter. Injection point 4 is on vicidial/AST_agent_time_sheet.php when adding a user, in the agent parameter. Injection point 5 is on vicidial/user_stats.php when adding a user, in the file_download parameter. VICIdial does not encrypt passwords by default.

JBoss Scanner

This Metasploit module scans a JBoss instance for a few vulnerabilities.