CVE-2017-15365
It was discovered that MariaDB could replicate certain data definition language (DDL) commands to other cluster nodes despite an access control check failure. A user with SQL access to the server could possibly use this flaw to perform database modification on certain cluster nodes without havin...
CVE-2019-16383
MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker...
UBUNTU-CVE-2019-16391
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiseraction.php...
PT-2019-4106 · Spip
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 3.1.11; SPIP versions 3.2 prior to 3.2.5. Description: The issue is related to improper authorization in the SPIP content management system. It allows a remote attacker to compromise data integrity. Specifically, the...
CVE-2019-4147
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413...
WordPress Plugin JoomSport 3.3 - SQL Injection
Exploit Title: JoomSport 3.3 – for Sports - SQL injection; Google Dork: intext:powered by JoomSport - sport WordPress plugin; Date: 29/07/2019; Exploit Author: Pablo Santiago; Vendor Homepage: https://beardev.com/; Software Link: https://wordpress.org/plugins/joomsport-sports-league-results-management...
CVE-2019-14348
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsportseason/new-yorkers/?action=playerlist sid parameter...
CVE-2019-7889
An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data o...
CVE-2019-3891
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching...
CVE-2019-3906
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...
IDenticard Systems Trust Management Issues Vulnerability
IDenticard Premisys is an access control system from IDenticard Systems, USA. The system allows the system to grant and restrict access to doors, lock facilities, view integrated reports and create detailed reports, among other things. A security vulnerability exists in IDenticard Systems version...
SQL injection
Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information...
Magellan SQLite SQL Injection
A SQL injection vulnerability exists in SQLite-based applications. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers...
SQL injection
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968...
SQL Injection in pycsw
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL at least it is possible to perform updates/inserts/deletes and database...
SQL injection
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL at least it is possible to perform updates/inserts/deletes and database...
UBUNTU-CVE-2016-8640
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL at least it is possible to perform updates/inserts/deletes and database...
Hanno's projects: blind sql injection
Summary: There exists a possibility that your Serendipity installation is vulnerable to a blind SQL injection. Description: By sending specially crafted SQL commands to /plugin/tag/ and timing how long it takes for the server to respond, it is quite possible that the blog backend is interpreting...
WordPress Clean Up Optimizer Plugin SQL Injection Vulnerability
WordPress is a suite of blogging platforms developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blogging sites on servers with PHP and MySQL. Clean Up Optimizer is one of the plugins that optimizes your WordPress as well as cleans up outdated da...
Code Execution Vulnerability in Emlog CMS
Emlog, short for every memory log, is a PHP and MySQL based blog and CMS builder. A code execution vulnerability exists in Emlog CMS. An attacker can use the vulnerability to obtain the physical path of the website, so as to backup and modify the database information, and realize the getshell by...