CVE-2024-4309
HubBank CVE-2024-4309 is a SQL injection in HubBank v1.0.2 affecting parameterized id values on endpoints /user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1, /user/view_transaction.php?id=1, and /user/viewloantrans.php?id=1. Root cause: improper handling of user input leading to ...
CVE-2024-4307 SQL injection vulnerability in HubBank
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/viewcards.php?id=1,...
CVE-2024-4308 SQL injection vulnerability in HubBank
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints...
CVE-2024-4308
CVE-2024-4308 describes a SQL injection vulnerability in HubBank v1.0.2. The affected component is the HubBank application, with the root cause identified as improper handling of the id parameter in multiple admin endpoints (e.g., /admin/view_users.php?id=1, /admin/viewloan-trans.php?id=1, /admin...
Remote Code Execution (RCE)
aim is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper user access restriction to the RunView object, allowing for the execution of arbitrary code via a crafted query parameter to the /api/runs/search/run/ endpoint...
CVE-2024-25046
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953...
CVE-2024-25046 IBM Db2 for Linux, UNIX and Windows denial of service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953...
PT-2024-21775 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 10.5, 11.1, and 11.5. Description: The issue is related to a denial of service condition that can be triggered with a specially crafted query under certain conditions...
PT-2024-20716 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.1 and 11.5. Description: The issue allows an authenticated user to cause a denial of service using a specially crafted query. Recommendations: For versions 11.1 and...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)
Summary: IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables. Vulnerability Details: CVEID: CVE-2024-22360. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service with a specially crafted...
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254)
Summary: IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions. Vulnerability Details: CVEID: CVE-2024-27254. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server is vulnerable to denial of service with a speciall...
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046)
Summary: IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details: CVEID: CVE-2024-25046. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service by an authenticated user using a specially crafted quer...
CVE-2024-2584
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/selectsend.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-2588 SQL injection vulnerability in AMSS++
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-2586 SQL injection vulnerability in AMSS++
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
SQL injection
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the jusername parameter and retrieve the information stored in the database...
BIT-MONGODB-2020-7929 Specially crafted regex query can cause DoS
A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query containing a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20...
PT-2024-21816 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.4; Apache Superset versions 3.1.0 through 3.1.1. Description: An authenticated user with privileges to create alerts on Alerts & Reports can generate a specially crafted SQL statement that triggers an error...