CVE-2025-0345

A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

This Cyber News was published on www.tenable.com. Publication date: Fri, 10 Jan 2025 10:56:02 +0000

Cyber News related to CVE-2025-0345

Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
11 months ago Bleepingcomputer.com

CVE-2025-0345 - A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be launched ...
1 day ago Tenable.com

CVE-2006-0345 - Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058. ...
7 years ago

CVE-2009-0345 - Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor ...
6 years ago

CVE-2000-0345 - The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command. ...
16 years ago

CVE-2010-0345 - Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
14 years ago

CVE-2008-0345 - Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. ...
12 years ago

CVE-2002-0345 - Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges. ...
8 years ago

CVE-2017-0345 - All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in ...
7 years ago

CVE-2004-0345 - Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name. ...
7 years ago

CVE-2005-0345 - viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter. ...
7 years ago

CVE-2007-0345 - The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions ...
7 years ago

CVE-2016-0345 - IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786. ...
6 years ago

CVE-2011-0345 - Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable. ...
6 years ago

CVE-2001-0345 - Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions. ...
6 years ago

CVE-2003-0345 - Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. ...
5 years ago

CVE-2019-0345 - A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into ...
5 years ago

CVE-2015-0345 - Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
4 years ago

CVE-2020-0345 - In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: ...
4 years ago

CVE-2021-0345 - In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: ...
2 years ago

CVE-1999-0345 - Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. ...
2 years ago

CVE-2013-0345 - varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third ...
1 year ago

CVE-2023-0345 - The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root user. This password cannot be changed by the user. ...
1 year ago

CVE-2018-0345 - A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of ...
4 years ago

CVE-2022-0345 - The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first ...
1 year ago

Latest Cyber News

CVE-2024-13183 - 6 hours ago
CVE-2025-0103 - 7 hours ago
CVE-2024-52875 - 7 hours ago
CVE-2025-0311 - 7 hours ago
CVE-2024-12606 - 10 hours ago
CVE-2024-12473 - 10 hours ago
CVE-2024-56377 - 15 hours ago
CVE-2025-21380 - 15 hours ago
CVE-2024-56376 - 15 hours ago
CVE-2024-51229 - 16 hours ago
CVE-2025-21385 - 16 hours ago
CVE-2024-46464 - 16 hours ago
CVE-2023-28354 - 16 hours ago
CVE-2024-13312 - 17 hours ago
CVE-2024-48806 - 17 hours ago
CVE-2024-55224 - 17 hours ago
CVE-2024-55225 - 17 hours ago
CVE-2024-55226 - 17 hours ago
CVE-2024-13301 - 17 hours ago
CVE-2024-13302 - 17 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-43096 - 1 day ago
CVE-2024-43770 - 1 day ago
CVE-2024-43771 - 1 day ago
CVE-2024-49747 - 1 day ago
CVE-2024-49748 - 1 day ago
CVE-2024-12802 - 1 day ago
CVE-2024-13153 - 1 day ago
CVE-2025-0345 - 1 day ago
CVE-2025-0346 - 1 day ago
CVE-2025-0347 - 1 day ago
CVE-2025-0348 - 1 day ago
CVE-2024-11328 - 1 day ago
CVE-2024-11642 - 1 day ago
CVE-2024-11686 - 1 day ago
CVE-2024-11815 - 1 day ago
CVE-2024-11907 - 1 day ago
CVE-2024-11929 - 1 day ago
CVE-2024-12067 - 1 day ago
CVE-2024-12122 - 1 day ago
CVE-2024-12206 - 1 day ago