Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-5864
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
Joomlahbs Hotel Booking Reservation System 1.0.0
Joomlahbs Com Tophotelmodule 1.0.0
4 EDB exploits
9.8
CVSSv3
CVE-2021-45029
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
Apache Shenyu 2.4.0
Apache Shenyu 2.4.1
NA
CVE-2006-3271
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote malicious users to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) ...
Softbiz Dating Script 1.0
5 EDB exploits
9.8
CVSSv3
CVE-2015-2279
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote malicious users to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, ...
Airlive Bu-2015 Firmware 1.03.18
Airlive Bu-3026 Firmware 1.43
Airlive Md-3025 Firmware 1.81
1 EDB exploit
9.8
CVSSv3
CVE-2023-25826
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vu...
Opentsdb Opentsdb
1 Metasploit module
1 Github repository
NA
CVE-2011-4066
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and previous versions allows remote malicious users to execute arbitrary SQL commands via the PATH_INFO.
Sir Gnuboard 3.38
Sir Gnuboard 3.37
Sir Gnuboard
Sir Gnuboard 4.31.03
Sir Gnuboard 3.34
Sir Gnuboard 3.33
Sir Gnuboard 3.32
Sir Gnuboard 3.40
Sir Gnuboard 3.39
Sir Gnuboard 3.31
Sir Gnuboard 3.30
Sir Gnuboard 3.36
Sir Gnuboard 3.35
1 EDB exploit
NA
CVE-2007-1566
SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote malicious users to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954.
Netvios Netvios
2 EDB exploits
9.8
CVSSv3
CVE-2017-10682
SQL injection vulnerability in the administrative backend in Piwigo up to and including 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
Piwigo Piwigo
1 EDB exploit
NA
CVE-2005-4500
SQL injection vulnerability in MusicBox 2.3 allows remote malicious users to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered.
Musicbox Musicbox 2.3
2 EDB exploits
NA
CVE-2014-0372
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to DM Othe...
Oracle Supply Chain Products Suite 7.2.0.3
Oracle Supply Chain Products Suite Sql-server 7.3.0
Oracle Supply Chain Products Suite Sql-server 12.2.1
Oracle Supply Chain Products Suite Sql-server 12.2.2
Oracle Supply Chain Products Suite Sql-server 7.3.1
Oracle Supply Chain Products Suite Sql-server 12.2.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »