Lucene search
K

131 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-4094

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...

7.5CVSS8.8AI score0.0303EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.5 views

SUSE CVE-2009-5024

ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...

5CVSS7AI score0.02644EPSS
Exploits0References5
Snyk
Snyk
added 2022/08/30 12:0 a.m.3 views

SQL Injection

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to SQL Injection via the getbookmarks function. An attacker can manipulate SQL queries and potentially access or alter database information by injecting...

8CVSS7.9AI score
Exploits0References2
OSV
OSV
added 2021/03/23 2:15 p.m.4 views

CVE-2021-27529

A cross-site scripting XSS vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter...

4.8CVSS5.8AI score0.00786EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/03/23 12:0 a.m.6 views

Dynpg组织 Dynpg 跨站脚本漏洞

DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "limit" parameter...

4.8CVSS5.3AI score0.00786EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/11/30 12:0 a.m.71 views

openSUSE Security Update : podman (openSUSE-2020-2039)

This update for podman fixes the following issues : Security issue fixed : - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : - add dependency to timezone package or podman...

5.3CVSS6.5AI score0.01402EPSS
Exploits0References4
Snyk
Snyk
added 2020/04/02 12:0 a.m.5 views

Command Injection

Overview get-git-data is a git repository data in node. Affected versions of this package are vulnerable to Command Injection. The argument limit can be controlled by users without any sanitization PoC var root = require"get-git-data"; root.log"& touch Song"; Details Cross-site scripting or XSS i...

9.8CVSS5.7AI score0.02121EPSS
Exploits0References2
Snyk
Snyk
added 2019/10/28 11:44 a.m.2 views

SQL Injection

Overview usmanhalalit/pixie is a lightweight, expressive, framework agnostic query builder for PHP. Affected versions of this package are vulnerable to SQL Injection. The library does not escape the limit param. PoC by Snyk Security Team 'pgsql', 'host' = '127.0.0.1', 'database' = 'postgres',...

9.8CVSS7.5AI score0.01499EPSS
Exploits1References2
OSV
OSV
added 2019/02/18 11:54 p.m.22 views

GHSA-98PQ-PMW9-4GPM SQL Injection in sequelize

Affected versions of sequelize are vulnerable to SQL Injection in locations where user input is passed into the limit or order parameters of sequelize query calls, such as findOne or findAll. Recommendation Update to version 3.17.0 or later...

9.8CVSS9.9AI score0.01913EPSS
Exploits0References4
NVD
NVD
added 2019/02/04 7:29 p.m.17 views

CVE-2019-7337

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...

4.8CVSS4.9AI score0.00677EPSS
Exploits1References1
OSV
OSV
added 2019/02/04 7:29 p.m.5 views

UBUNTU-CVE-2019-7337

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...

4.8CVSS6.7AI score0.00677EPSS
Exploits1References3
OSV
OSV
added 2019/02/04 7:29 p.m.3 views

DEBIAN-CVE-2019-7337

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...

4.8CVSS6.5AI score0.00677EPSS
Exploits1References1
NVD
NVD
added 2018/11/26 7:29 a.m.19 views

CVE-2018-19558

An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php...

9.8CVSS9.9AI score0.01135EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/03 12:0 a.m.3 views

FHCRM SQL Injection Vulnerability

FHCRM is a free and open source product management system based on ThinkPHP and Extjs. FHCRM 2018-02-11 and previous versions of the existence of SQL injection vulnerability, the attacker can index.php/User/read limit parameter to exploit the vulnerability to execute arbitrary SQL commands...

9.8CVSS9.9AI score0.0106EPSS
Exploits0References1
OSV
OSV
added 2018/09/02 10:29 p.m.3 views

CVE-2018-16354

An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter...

9.8CVSS5.8AI score0.0106EPSS
Exploits0References1
NVD
NVD
added 2018/09/02 10:29 p.m.14 views

CVE-2018-16353

An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter...

9.8CVSS9.8AI score0.0106EPSS
Exploits0References1
Prion
Prion
added 2018/09/02 10:29 p.m.19 views

Sql injection

An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter...

7.5CVSS9.7AI score0.0106EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/09/02 10:29 p.m.16 views

CVE-2018-16354

An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter...

9.8CVSS9.8AI score0.0106EPSS
Exploits0References1
CVE
CVE
added 2018/09/02 10:0 p.m.48 views

CVE-2018-16354

CVE-2018-16354 affects FHCRM (free/open source product management system). The connected CNVD/CVE records describe a SQL injection vulnerability exposed by the index.php/User/read limit parameter, with attackers potentially executing arbitrary SQL commands. FHCRM versions up to 2018-02-11 are imp...

9.8CVSS9.7AI score0.0106EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/09/02 10:0 p.m.13 views

CVE-2018-16353

An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter...

9.9AI score0.0106EPSS
Exploits0References1
Rows per page
Query Builder