PT-2021-9739 · Comodo +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2 Combodo iTop versions prior to 3.0.0 Description: The issue concerns a web-based IT Service Management tool. When a download error occurs in the user portal, an SQL query is displayed to the user...

Sql injection

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker ca...

CVE-2020-26712

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker ca...

OpenAsset Digital Asset Management SQL Injection Vulnerability

Openasset is a digital asset management software for the website building industry from Openasset UK. OpenAsset Digital Asset Management suffers from a SQL injection vulnerability that originates from a blind remote SQL injection via authentication, which can be exploited by an attacker to gain...

Mquery Security Vulnerability

Aheckmann Mquery is a Javascript-based codebase for efficiently generating Mongdb query statements from the individual developer Aheckmann. A security vulnerability exists in mquery lib/utils.js versions prior to 3.2.3, which allows contamination attacks because a special attribute e.g. proto can...

Siemens XHQ SQL Injection Vulnerability

Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A SQL injection vulnerability exists in Siemens XHQ versions prior...

SQL Injection Vulnerability in Kaixin Worklog System worklog

Kaixin Worklog Worklog system is a software system based on B/S to build the collaborative office within the enterprise. The system uses ASP.NET language development. Worklog system worklog star SQL injection vulnerability , attackers can use the vulnerability to obtain sensitive information...

CVE-2020-29284

The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the tableid parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?tableid= to trigger the...

CVE-2019-2392

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prio...

CVE-2018-20802

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3...

CVE-2018-20803

CVE-2018-20803 affects MongoDB Server: 4.0 prior to 4.0.5; 3.6 prior to 3.6.10; 3.4 prior to 3.4.19. Description: authenticated user can trigger a denial-of-service by sending specially crafted queries, causing an endless loop in mathematics processing while holding locks. Impact: availability de...

CVE-2020-7928

A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and...

CVE-2018-20802

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3...

CVE-2019-2392

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prio...

CVE-2019-20924

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2...

Code injection

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13...

CVE-2019-20923

Removed by vendor...

CVE-2019-20924

Removed by vendor...

CVE-2020-7926

Removed by vendor...

SourceCodester Water Billing System SQL Injection Vulnerability

SourceCodester Water Billing System is a water billing system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Water Billing System version 1.0, which stems from a failure of the program to properly validate user input, and allows an attacker to perform SQL injectio...