131 matches found
SUSE CVE-2008-4094
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
SUSE CVE-2009-5024
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...
SQL Injection
Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to SQL Injection via the getbookmarks function. An attacker can manipulate SQL queries and potentially access or alter database information by injecting...
CVE-2021-27529
A cross-site scripting XSS vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter...
Dynpg组织 Dynpg 跨站脚本漏洞
DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "limit" parameter...
openSUSE Security Update : podman (openSUSE-2020-2039)
This update for podman fixes the following issues : Security issue fixed : - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : - add dependency to timezone package or podman...
Command Injection
Overview get-git-data is a git repository data in node. Affected versions of this package are vulnerable to Command Injection. The argument limit can be controlled by users without any sanitization PoC var root = require"get-git-data"; root.log"& touch Song"; Details Cross-site scripting or XSS i...
SQL Injection
Overview usmanhalalit/pixie is a lightweight, expressive, framework agnostic query builder for PHP. Affected versions of this package are vulnerable to SQL Injection. The library does not escape the limit param. PoC by Snyk Security Team 'pgsql', 'host' = '127.0.0.1', 'database' = 'postgres',...
GHSA-98PQ-PMW9-4GPM SQL Injection in sequelize
Affected versions of sequelize are vulnerable to SQL Injection in locations where user input is passed into the limit or order parameters of sequelize query calls, such as findOne or findAll. Recommendation Update to version 3.17.0 or later...
CVE-2019-7337
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...
UBUNTU-CVE-2019-7337
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...
DEBIAN-CVE-2019-7337
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...
CVE-2018-19558
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php...
FHCRM SQL Injection Vulnerability
FHCRM is a free and open source product management system based on ThinkPHP and Extjs. FHCRM 2018-02-11 and previous versions of the existence of SQL injection vulnerability, the attacker can index.php/User/read limit parameter to exploit the vulnerability to execute arbitrary SQL commands...
CVE-2018-16354
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter...
CVE-2018-16353
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter...
Sql injection
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter...
CVE-2018-16354
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter...
CVE-2018-16354
CVE-2018-16354 affects FHCRM (free/open source product management system). The connected CNVD/CVE records describe a SQL injection vulnerability exposed by the index.php/User/read limit parameter, with attackers potentially executing arbitrary SQL commands. FHCRM versions up to 2018-02-11 are imp...
CVE-2018-16353
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter...