Category: CVE Notifications

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a “flowspec overflow.”

Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the...

A vulnerability was found in Samba’s “rpcecho” development server, a non-Windows RPC server used to test Samba’s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked...

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Kemal YAZICI – PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a...

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4.

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The...

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar,...

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to...

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue...

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a...