SUSE CVE-2013-6172
steps/utils/savepref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code...
SUSE CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
GHSA-6P5Q-H963-PWWF Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...
PT-2023-16436 · Unknown · Calendar Event Management System
Name of the Vulnerable Software and Affected Versions: Calendar Event Management System version 2.3.0 Description: A critical issue affects the Login Page component of the system, where the manipulation of the name and pwd arguments leads to SQL injection. The attack can be initiated remotely...
U.S. Department of State: HTML INJECTION on coins.state.gov
An HTML injection vulnerability was found on coins.state.gov, which could have allowed an attacker to modify the page and potentially steal a user's identity. The vulnerability was discovered through the use of the dalfox tool...
PT-2023-10625 · Bastianallgeier · Bastianallgeier Kirby Webmentions Plugin
Name of the Vulnerable Software and Affected Versions: bastianallgeier Kirby Webmentions Plugin affected versions not specified Description: A vulnerability was found in the bastianallgeier Kirby Webmentions Plugin, allowing for injection attacks. The manipulation can be launched remotely, but th...
CVE-2022-46623
Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter...
Voyager SQL Injection Vulnerability
Voyager is an application by David Borland, an individual developer. Voyager suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to perform a sql injection attack...
Address Book SQL Injection Vulnerability
Address Book is an address table with an activity log. A SQL injection vulnerability exists in LearnMeSomeCodes Address Book. An attacker could use this vulnerability to perform a sql injection attack...
CVE-2022-43531
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...
CVE-2022-43522
Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities...
CVE-2022-42471
FortiWeb is affected by CVE-2022-42471 due to improper neutralization of CRLF sequences in HTTP headers (HTTP Response Splitting). The issue affects FortiWeb versions 7.0.0–7.0.2, 6.4.0–6.4.2, and 6.3.6–6.3.20, allowing an authenticated, remote attacker to inject arbitrary headers. Root cause: im...
PT-2023-14259 · WordPress · Wp Rss By Publishers
Name of the Vulnerable Software and Affected Versions: WP RSS By Publishers WordPress plugin version 0.1 Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high...
CVE-2022-44137
SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection...
CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
CVE-2022-43883
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266...
Ivanti Endpoint Manager Security Vulnerability
Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager version 2022.3 and prior versions, which can be exploited by an attacker to cause a malicious file to be downloaded, run, and potentially...
PT-2022-26540 · Unknown · House Rental System
Name of the Vulnerable Software and Affected Versions: House Rental System affected versions not specified Description: A critical vulnerability has been found in the House Rental System, affecting an unknown functionality of the file search-property.php of the component POST Request Handler. The...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID:CVE-2022-0391 DESCRIPTION: Python could provide weaker than expected security, caused by improper input validation in the urllib.parse module. By sending a specially-craft...
CVE-2022-40765
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 22.22.6100.0 could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters...