Critical Severity Vulnerabilities
28.6K CVEs classified as critical severity
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely...
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compro...
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an...
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has signif...
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, ...
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
CPA Lead Reward Script allows SQL Injection via the username parameter.
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.