Tag
#sql
Whitepaper on hacking smart switches to capture credentials for a network.
Froxlor version 0.10.2l9.1 suffers from a remote SQL injection vulnerability that can enable an attacker to achieve remote code execution.
Backdoor.Win32.Pahador.aj malware suffers from bypass and code execution vulnerabilities.
WordPress Backup and Restore plugin version 1.0.3 suffers from an arbitrary file deletion vulnerability.
Backdoor.Win32.VB.afu suffers from an insecure transit vulnerability that discloses credentials.
Money Transfer Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
FusionPBX version 4.5.29 suffers from a remote code execution vulnerability.
Backdoor.Win32.VB.afu malware suffers from an insecure permissions vulnerability.
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.
PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form.