1152 matches found

GithubExploit
added 2020/02/22 1:32 a.m. (8 views)

Exploit for SQL Injection in Djangoproject Django

CVE-2020-7471 This repository provides environments and P...

CVSS 9.8 | AI score 6.8 | EPSS 0.65336
Exploits: 9
Rockylinux
added 2020/02/04 11:39 a.m. (7 views)

new module: postgresql:12

An update is available for pgaudit, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This enhancement update adds the postgresql:12 module...

AI score 1.8
Exploits: 0
Veracode
added 2020/02/04 1:22 a.m. (24 views)

SQL Injection

django is vulnerable to SQL injection. The vulnerability exists through the unsanitized value of the user-specified column delimiter in contrib.postgres.aggregates.StringAgg...

CVSS 9.8 | AI score 2.3 | EPSS 0.65336
Exploits: 9 | References: 15 | Affected Software: 1
UbuntuCve
added 2020/02/03 10:0 a.m. (48 views)

CVE-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter...

CVSS 9.8 | AI score 6.8 | EPSS 0.65336
Exploits: 9 | References: 3
OSV
added 2020/02/03 10:0 a.m. (1 views)

UBUNTU-CVE-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter...

CVSS 9.8 | AI score 6.8 | EPSS 0.65336
Exploits: 9 | References: 4
FreeBSD
added 2020/02/03 12:0 a.m. (38 views)

Django -- potential SQL injection vulnerability

MITRE CVE reports: Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitabl...

CVSS 9.8 | AI score 2.8 | EPSS 0.65336
Exploits: 9 | References: 4
ArchLinux
added 2020/02/03 12:0 a.m. (42 views)

[ASA-202002-1] python-django: sql injection

Arch Linux Security Advisory ASA-202002-1
=========================================
Severity: Medium
Date    : 2020-02-03
CVE-ID  : CVE-2020-7471
Package : python-django
Type    : sql injection
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1091

Summary
=======
The package python-django before...

CVSS 9.8 | AI score 1.3 | EPSS 0.65336
Exploits: 9 | References: 3
CVE
added 2019/11/20 8:50 p.m. (262 views)

CVE-2015-3166

CVE-2015-3166 affects PostgreSQL; the snprintf implementation fails to properly handle errors from system calls, which can lead to information disclosure or other unspecified impact via out-of-memory scenarios. Affected versions include PostgreSQL releases before 9.0.20, 9.1.x before 9.1.16, 9.2....

CVSS 9.8 | AI score 9.1 | EPSS 0.04649
Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2019/11/08 5:5 p.m. (18 views)

GHSA-2598-2F59-RMHQ SQL Injection in sequelize

Versions of sequelize prior to 3.35.1 are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the Postgres dialect, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 3.35.1 or later...

CVSS 9.8 | AI score 9.8 | EPSS 0.01228
Exploits: 1 | References: 4
Zero Day Initiative
added 2019/11/01 12:0 a.m. (21 views)

Advantech WISE-PaaS/RMM SQLMgmt qryData SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

CVSS 6.5 | AI score 0.5 | EPSS 0.024
Exploits: 0 | References: 1
Zero Day Initiative
added 2019/11/01 12:0 a.m. (17 views)

Advantech WISE-PaaS/RMM RecoveryMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 6.5 | AI score 0.6 | EPSS 0.024
Exploits: 0 | References: 1
Zero Day Initiative
added 2019/11/01 12:0 a.m. (20 views)

Advantech WISE-PaaS/RMM SQLMgmt CreateTable SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

CVSS 6.5 | AI score 0.5 | EPSS 0.024
Exploits: 0 | References: 1
Zero Day Initiative
added 2019/11/01 12:0 a.m. (17 views)

Advantech WISE-PaaS/RMM DeviceMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceMg...

CVSS 6.5 | AI score 0.7 | EPSS 0.024
Exploits: 0 | References: 1
Zero Day Initiative
added 2019/11/01 12:0 a.m. (23 views)

Advantech WISE-PaaS/RMM SQLMgmt insertData SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

CVSS 6.5 | AI score 0.5 | EPSS 0.024
Exploits: 0 | References: 1
Zero Day Initiative
added 2019/11/01 12:0 a.m. (15 views)

Advantech WISE-PaaS/RMM PowerMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the PowerMgm...

CVSS 6.5 | AI score 1.1 | EPSS 0.024
Exploits: 0 | References: 1
Zero Day Initiative
added 2019/11/01 12:0 a.m. (24 views)

Advantech WISE-PaaS/RMM SQLMgmt getTableInfo SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

CVSS 5.5 | AI score 0.4 | EPSS 0.024
Exploits: 0 | References: 1
Zero Day Initiative
added 2019/11/01 12:0 a.m. (15 views)

Advantech WISE-PaaS/RMM ProtectionMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 6.5 | AI score 0.7 | EPSS 0.024
Exploits: 0 | References: 1
Zero Day Initiative
added 2019/11/01 12:0 a.m. (15 views)

Advantech WISE-PaaS/RMM SQLMgmt delData SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

CVSS 6.5 | AI score 0.3 | EPSS 0.024
Exploits: 0 | References: 1
Zero Day Initiative
added 2019/11/01 12:0 a.m. (17 views)

Advantech WISE-PaaS/RMM SQLMgmt updateData SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

CVSS 6.5 | AI score 0.4 | EPSS 0.024
Exploits: 0 | References: 1
OSV
added 2019/10/29 7:15 p.m. (13 views)

CVE-2019-10749

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...

CVSS 9.8 | AI score 7.8
Exploits: 0 | References: 2