8141 matches found

RedHat Linux
added 2022/02/24 10:28 a.m., 1 views

cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...

CVSS 8.8, AI score 7.4, EPSS 0.00431
Exploits 0, References 5

CNNVD
added 2022/02/24 12:0 a.m., 3 views

RosarioSis SQL injection vulnerability

RosarioSis is a free and open source student information system. It is used to manage students, create reports and make the right decisions. An SQL injection vulnerability exists in RosarioSIS versions prior to 7.6.1, which originates from the votes parameter in...

CVSS 9.8, AI score 8.5, EPSS 0.12478
Exploits 3, References 6

CNNVD
added 2022/02/24 12:0 a.m., 7 views

WordPress plugin WP Statistics SQL injection vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. WordPress plugin is an open source application plugin for WordPress. WordPress WP Statistics plugin 13.1.5 and earlier versions are vulnerable to SQL injection, which can be exploited by attackers to...

CVSS 9.8, AI score 6.1, EPSS 0.5776
Exploits 4, References 6

CNNVD
added 2022/02/24 12:0 a.m., 3 views

Cybonet PineApp Mail Secure SQL injection vulnerability

Cybonet PineApp Mail Secure is Cybonet Israel's solution for blocking most malicious email threats at the network perimeter, while providing a range of additional options for comprehensive security and messaging control. Cybonet PineApp Mail Relay is vulnerable to a SQL injection vulnerability tha...

CVSS 9.8, AI score 6.4, EPSS 0.00876
Exploits 0, References 2

CNNVD
added 2022/02/24 12:0 a.m., 3 views

Hms SQL injection vulnerability

HMS is a computer or web-based hospital management system in Bangladesh. It is useful for managing the operations of a hospital or any medical facility. A SQL injection vulnerability exists in HMS v1.0, which stems from the fact that the product's admin.php page does not effectively filter special...

CVSS 9.8, AI score 6, EPSS 0.00218
Exploits 1, References 3

Qualys Blog
added 2022/02/23 5:39 a.m., 1191 views

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any...

CVSS 10, AI score 0.6, EPSS 0.94489
Exploits 2405

OSV
added 2022/02/22 9:37 p.m., 1 views

USN-5301-2 cyrus-sasl2 vulnerability

USN-5301-1 fixed a vulnerability in Cyrus. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrar...

CVSS 8.8, AI score 7.5, EPSS 0.00431
Exploits 0, References 2

OSV
added 2022/02/22 6:29 p.m., 3 views

USN-5301-1 cyrus-sasl2 vulnerability

It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands...

CVSS 8.8, AI score 7.5, EPSS 0.00431
Exploits 0, References 2

OSV
added 2022/02/18 8:15 p.m., 2 views

DEBIAN-CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8, AI score 7.9, EPSS 0.00064
Exploits 0, References 1

ATTACKERKB
added 2022/02/18 5:15 p.m., 2 views

CVE-2022-25322

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection...

CVSS 9.8, AI score 7.3, EPSS 0.61075
Exploits 2, References 4

OSV
added 2022/02/18 5:15 p.m., 2 views

CVE-2022-25322

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection...

CVSS 9.8, AI score 5.8, EPSS 0.61075
Exploits 2, References 2

CNNVD
added 2022/02/18 12:0 a.m., 4 views

ZEROF Web Server SQL injection vulnerability

ZEROF Web Server is an open source Web framework that simplifies modern Web development. It allows you to build applications without having to worry about package management or routing. ZEROF Web Server has a SQL injection vulnerability that allows HandleEvent SQL injection...

CVSS 9.8, AI score 8.5, EPSS 0.61075
Exploits 2, References 4

Snyk
added 2022/02/16 7:54 a.m., 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via maliciously crafted SQL queries made via editing the Database File. It is possible to query a record and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...

CVSS 4.3, AI score 9.3, EPSS 0.00271
Exploits 1, References 2

CNNVD
added 2022/02/16 12:0 a.m., 3 views

EasyCMS SQL injection vulnerability

EasyCMS is a PHP-based website builder from the EasyCMS community. A SQL injection vulnerability exists in EasyCMS, which stems from the product's ArticlemAction.class.php file not effectively handling special characters in user-supplied search term data. An attacker can execute malicious SQL...

CVSS 9.8, AI score 8.6, EPSS 0.00264
Exploits 1, References 1

OSV
added 2022/02/14 9:15 p.m., 2 views

CVE-2022-23902

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in exportdata.php via the dname parameter...

CVSS 9.8, AI score 5.8
Exploits 0, References 1

CNNVD
added 2022/02/14 12:0 a.m., 3 views

Tongda2000 SQL injection vulnerability

A SQL injection vulnerability exists in Tongda2000, a web-based intelligent office system from China Tongda, which originates from the dname parameter in the product's exportdata.php file that does not securely handle special characters in user input data. An attacker can execute malicious SQL...

CVSS 9.8, AI score 5.9, EPSS 0.00264
Exploits 1, References 2

CNNVD
added 2022/02/14 12:0 a.m., 3 views

Metinfo MetInfo SQL injection vulnerability

MetInfo is a content management system (CMS) developed using PHP and MySQL. A SQL injection vulnerability exists in Metinfo, which stems from the product's failure to secure the special characters in the doModify parameter in the languagegeneral.class.php file. An attacker could exploit this...

CVSS 9.8, AI score 6.1, EPSS 0.00513
Exploits 1, References 1

CNNVD
added 2022/02/10 12:0 a.m., 2 views

TSG Tokheim Profleet DiaLOG Fuel Management System SQL injection vulnerability

TSG Tokheim Profleet DiaLOG Fuel Management System is a fuel management system from TSG UK. A SQL injection vulnerability exists in TSG Tokheim Profleet DiaLOG Fuel Management System, which can be exploited by attackers to cause remote code execution as root user...

CVSS 10, AI score 6.8, EPSS 0.0032
Exploits 3, References 3

RedHat Linux
added 2022/02/09 1:11 p.m., 2 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

CVSS 9.8, AI score 7, EPSS 0.09452
Exploits 1, References 5

RedHat Linux
added 2022/02/08 12:52 p.m., 2 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

CVSS 9.8, AI score 7, EPSS 0.09452
Exploits 1, References 5