7725 matches found

RedHat Linux
added 2012/03/07 2:24 p.m. · 3 views

python-sqlalchemy: SQL injection flaw due to not checking LIMIT input for correct type

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...

CVSS 7.5 · AI score 6.2 · EPSS 0.01649
Exploits 2 · References 4
ATTACKERKB
added 2011/11/02 9:55 p.m. · 1 view

CVE-2010-5037

SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the articleid parameter...

CVSS 7.5 · AI score 6.4 · EPSS 0.00471
Exploits 1 · References 6
ATTACKERKB
added 2011/11/01 10:55 p.m. · 3 views

CVE-2010-4980

SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter...

CVSS 7.5 · AI score 6.4 · EPSS 0.0204
Exploits 2 · References 8
ATTACKERKB
added 2011/11/01 10:55 p.m. · 1 view

CVE-2010-4981

SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information...

CVSS 7.5 · AI score 6.4 · EPSS 0.00275
Exploits 1 · References 6
ATTACKERKB
added 2011/11/01 10:55 p.m. · 2 views

CVE-2010-4990

SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php...

CVSS 7.5 · AI score 6.3 · EPSS 0.00131
Exploits 1 · References 5
ATTACKERKB
added 2011/09/12 12:40 p.m. · 2 views

CVE-2009-5088

SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter...

CVSS 7.5 · AI score 6.4 · EPSS 0.00691
Exploits 1 · References 4
ATTACKERKB
added 2011/05/03 10:55 p.m. · 2 views

CVE-2011-1609

SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.15su2, 7.x before 7.15su1, 8.0 before 8.03, and 8.5 before 8.51 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647...

CVSS 8.5 · AI score 6.4 · EPSS 0.01817
Exploits 0 · References 8
ATTACKERKB
added 2011/04/10 2:51 a.m. · 1 view

CVE-2011-1667

SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action...

CVSS 7.5 · AI score 6.4 · EPSS 0.02246
Exploits 1 · References 8
NVD
added 2011/02/21 6:00 p.m. · 7 views

CVE-2011-0330

The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that...

CVSS 5 · AI score 7 · EPSS 0.00493
Exploits 0 · References 4
Prion
added 2011/02/21 6:00 p.m. · 14 views

Information disclosure

The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that...

CVSS 5 · AI score 7.4 · EPSS 0.00493
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2011/02/21 5:00 p.m. · 14 views

CVE-2011-0330

The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that...

AI score 7 · EPSS 0.00493
Exploits 0 · References 4
CVE
added 2011/02/21 5:00 p.m. · 45 views

CVE-2011-0330

The Dell DellSystemLite.Scanner ActiveX control (DellSystemLite.ocx 1.0.0.0) is affected by multiple vulnerabilities. The primary issue is that the WMIAttributesOfInterest property is not properly restricted, allowing remote attackers to craft WQL statements and disclose information about install...

CVSS 5 · AI score 7.2 · EPSS 0.00493
Exploits 0 · References 4 · Affected Software 1
Tenable Nessus
added 2011/02/21 12:00 a.m. · 64 views

Dell DellSystemLite.Scanner ActiveX Control Multiple Vulnerabilities

The DellSystemLite.Scanner ActiveX control, a component from Dell to determine relevant software for your system, installed on the remote Windows host is reportedly affected by multiple vulnerabilities: an input validation error in the 'GetData' method can be exploited to disclose the...

CVSS 5 · AI score 5.6 · EPSS 0.00493
Exploits 0 · References 4
Check Point Advisories
added 2010/09/20 12:00 a.m. · 2 views

Oracle MySQL Database COM_FIELD_LIST Buffer Overflow (CVE-2010-1850)

MySQL is a popular open-source implementation of a relational database that supports the Structured Query Language (SQL) for querying and updating stored data. A security bypass vulnerability exists in MySQL database server. The vulnerability is due to an error while parsing a table name argument o...

CVSS 6 · AI score 9.5 · EPSS 0.6329
Exploits 1
RedHat Linux
added 2010/08/20 2:42 a.m. · 1 view

No title provided

SQL injection vulnerability in templatesexport.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the exportitemid parameter...

CVSS 7.5 · AI score 6.2 · EPSS 0.06047
Exploits 0 · References 3
ATTACKERKB
added 2010/05/24 5:30 p.m. · 2 views

CVE-2010-2016

SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter...

CVSS 7.5 · AI score 6.4 · EPSS 0.01135
Exploits 1 · References 7
ATTACKERKB
added 2009/06/22 2:30 p.m. · 1 view

CVE-2009-2152

SQL injection vulnerability in aindex.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action...

CVSS 7.5 · AI score 6.4 · EPSS 0.00274
Exploits 0 · References 2
ATTACKERKB
added 2009/06/22 2:30 p.m. · 2 views

CVE-2009-2148

SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS 7.5 · AI score 6.4 · EPSS 0.00295
Exploits 0 · References 3
Positive Technologies
added 2009/03/24 12:00 a.m. · 2 views

PT-2009-3647 · Pixie · Pixie Cms

Name of the Vulnerable Software and Affected Versions: Pixie CMS version 1.01a. Description: The issue allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request, specifically in the referral function in admin/lib/lib logs.php. Recommendations: For Pixie CMS...

CVSS 7.5 · AI score 7.8 · EPSS 0.00915
Exploits 1 · References 9
Positive Technologies
added 2009/02/26 12:00 a.m. · 2 views

PT-2009-1778 · Xt · Xt:Commerce

Name of the Vulnerable Software and Affected Versions: xt:Commerce versions prior to 3.0.4 Sp2.1. Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors when magic_quotes_gpc is enabled and the SEO URLs are activated. Recommendations: For versions...

CVSS 6.8 · AI score 8 · EPSS 0.00484
Exploits 0 · References 7