Lucene search
+L

712 matches found

OSV
OSV
added 2019/11/06 5:11 p.m.6 views

GHSA-J9XP-92VC-559J SQL Injection in sequelize

Affected versions of sequelize are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the MariaDB and MySQL dialects, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation If you are using sequelize 5.x, upgrade to version...

9.8CVSS7.5AI score0.01315EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2019/10/01 12:0 a.m.5 views

PT-2019-3608 · Zingbox · Zingbox Inspector

Name of the Vulnerable Software and Affected Versions: Zingbox Inspector versions 1.293 and earlier Description: A security issue exists due to the failure to neutralize special elements in the network traffic handler. This could allow a remote attacker to intercept and modify software update...

10CVSS9.3AI score0.00889EPSS
Exploits0References5
OSV
OSV
added 2019/08/08 1:15 p.m.3 views

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

5.5CVSS5.8AI score0.01089EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/08/02 12:0 a.m.6 views

PT-2019-13736 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 5.0.2 Description: The issue allows SQL Injection in the interface/forms/eye mag/save.php file. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents...

9.8CVSS9.4AI score0.28086EPSS
Exploits0References6
OSV
OSV
added 2019/04/30 11:29 p.m.6 views

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

9.8CVSS9.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/04/10 12:0 a.m.6 views

PT-2019-12164 · Postgresql · Sequelize

Name of the Vulnerable Software and Affected Versions: Sequelize versions prior to 5.3.0 Description: The issue arises from the improper handling of backslashes in string literals, potentially allowing attackers to inject SQL statements. This is due to the PostgreSQL option standard conforming...

7.5CVSS7.6AI score0.01823EPSS
Exploits0References11
CNVD
CNVD
added 2019/03/28 12:0 a.m.4 views

Apple Safari and Apple iOS Safari Reader Cross-Site Scripting Vulnerability

Apple Safari and Apple iOS are both products of Apple Inc. Apple Safari is a web browser that is the default browser that comes with the MacOSX and iOS operating systems. apple iOS is a suite of operating systems developed for mobile devices. safari Reader is one of the reader components. Safari...

6.1CVSS6.1AI score0.00679EPSS
Exploits0References1
OSV
OSV
added 2019/03/21 4:0 p.m.5 views

CVE-2018-20645

PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field...

5.4CVSS5.8AI score0.00653EPSS
Exploits1References1
OSV
OSV
added 2019/03/21 4:0 p.m.6 views

CVE-2018-19513

In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sqlerrorlog/YYYY-MM-DD-sqlerrorlog.log filenames. The log file could contain sensitive client data email addresses and also facilitates exploitation of SQL injection errors...

7.5CVSS5.8AI score0.02124EPSS
Exploits2References2
OSV
OSV
added 2018/11/26 4:45 p.m.4 views

SUSE-SU-2018:3909-1 Security update for postgresql94

This update for postgresql94 to 9.4.19 fixes the following security issue: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could have...

8.5CVSS8.4AI score0.05154EPSS
Exploits0References3
OSV
OSV
added 2018/08/09 12:0 a.m.4 views

UBUNTU-CVE-2018-10915

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

8.5CVSS7.1AI score0.05154EPSS
Exploits0References4
OSV
OSV
added 2018/06/11 9:29 p.m.7 views

CVE-2016-9902

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10...

7.5CVSS8.9AI score
Exploits0References8
Openbugbounty
Openbugbounty
added 2017/12/22 6:58 a.m.14 views

apus.edu XSS vulnerability

Open Bug Bounty ID: OBB-457119 Description| Value ---|--- Affected Website:| apus.edu Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

6.4AI score
Exploits0
Packet Storm
Packet Storm
added 2017/08/28 12:0 a.m.26 views

Posty 1.0 SQL Injection

======================================================== Posty SQL injection Authentication bypass Description : an attacker is able to inject malicious sql query to bypass the login page and login as normal user Proof of Concept : - http://localhost/login.php set username and password = PCS00442...

Exploits0
Positive Technologies
Positive Technologies
added 2016/10/28 12:0 a.m.8 views

PT-2016-7433 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle version 3.1.2 Description: The issue allows remote attackers to obtain sensitive information via unspecified vectors, related to a SQL Injection issue affecting the Administration panel function in the installation process component. T...

7.5CVSS8AI score0.02247EPSS
Exploits1References13
OSV
OSV
added 2016/10/03 6:59 p.m.7 views

CVE-2016-7405

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting...

9.8CVSS9.7AI score
Exploits0References8
OSV
OSV
added 2016/08/31 3:32 p.m.18 views

MGASA-2016-0291 Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector IV is used to hash the username and...

10CVSS7.9AI score0.0475EPSS
Exploits0References29
Vulnerability Lab
Vulnerability Lab
added 2014/12/10 12:0 a.m.25 views

iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability

Document Title: =============== iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1374 Release Date: ============= 2014-12-10 Vulnerability Laboratory ID VL-ID: ==================================== 137...

7.1AI score
Exploits0
OSV
OSV
added 2014/10/16 12:55 a.m.3 views

UBUNTU-CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

7.5CVSS7AI score0.99974EPSS
Exploits20References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

Ecomat CMS Remote SQL Injection Vulnerability

No description provided by source. Vulnerability ID: HTB22390 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinecomatcms.html Product: Ecomat CMS Vendor: Codefabrik GmbH Vulnerable Version: 5.0 and Probably Prior Versions Vendor Notification: 18 May 2010 Vulnerability Type: S...

6.7AI score
Exploits0
Rows per page
Query Builder