
131 matches found

OpenVAS
added 2019/07/25 12:00 a.m., 29 views

Ruby on Rails Query Manipulation Vulnerability (Feb 2013)

Ruby on Rails is prone to a query manipulation vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:rubyonrails:rails";...

CVSS 6.4, AI score 6.7, EPSS 0.00483
Exploits 2, References 2
NVD
added 2019/05/06 4:29 p.m., 10 views

CVE-2019-3797

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

CVSS 5.3, AI score 4.3, EPSS 0.00246
Exploits 0, References 1
CNVD
added 2019/03/14 12:00 a.m., 0 views

Joomla Component XMap SQL Injection Vulnerability

Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla component XMap. The flaw is due to input passed to 'index.php' via the 'view=' and 'itemID=' parameters failing to be properly filtered before being used in SQL queries. An attacker could...

AI score 8.1
Exploits 0, References 1
Prion
added 2018/07/31 2:29 p.m., 13 views

SQL injection

SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...

CVSS 9, AI score 8.7, EPSS 0.00214
Exploits 0, References 2, Affected Software 1
IBM Security Bulletins
added 2018/06/16 9:22 p.m., 24 views

Security Bulletin: Multiple Vulnerabilities fixed in IBM Security Identity Manager Virtual Appliance (CVE-2014-6106, CVE-2014-6108, CVE-2014-6109, CVE-2014-6111, CVE-2014-6112)

Summary: Multiple Vulnerabilities fixed in IBM Security Identity Manager versions 5.1, 6.0, and 7.0. Vulnerability Details: CVE-ID: CVE-2014-6106. Description: IBM Security Identity Manager is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuadin...

CVSS 8.8, AI score 0.6, EPSS 0.0024
Exploits 0, Affected Software 1
OSV
added 2018/02/28 12:00 a.m., 0 views

UBUNTU-CVE-2018-1058

A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of the superuser in the database. Versions 9.3 through 10 are affected...

CVSS 8.8, AI score 7, EPSS 0.81248
Exploits 1, References 3
RedHat Linux
added 2018/02/26 9:32 p.m., 1 view

OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)

It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...

CVSS 4.3, AI score 7.4, EPSS 0.00478
Exploits 0, References 4
RedHat Linux
added 2018/01/22 8:40 p.m., 2 views

OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)

It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...

CVSS 4.3, AI score 7.4, EPSS 0.00478
Exploits 0, References 4
RedHat Linux
added 2018/01/18 9:55 p.m., 1 view

OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)

It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...

CVSS 4.3, AI score 7.4, EPSS 0.00478
Exploits 0, References 4
htbridge
added 2014/12/03 12:00 a.m., 76 views

Multiple vulnerabilities in MantisBT

High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in MantisBT, which can be exploited to perform Cross-Site Scripting (XSS) and SQL injection attacks. An improper access control vulnerability discloses the database credentials (login and password) in plaintext. 1) Cross-Site...

CVSS 6.5, AI score 8.5, EPSS 0.00924
Exploits 4, Affected Software 1
Tenable Nessus
added 2014/09/17 12:00 a.m., 44 views

openSUSE Security Update : python-django (openSUSE-SU-2014:1132-1)

Python Django was updated to fix security issues and bugs. Update to version 1.4.15 on openSUSE 12.3: + Prevented reverse() from generating URLs pointing to other hosts to prevent phishing attacks (bnc#893087, CVE-2014-0480) + Removed O(n) algorithm when uploading duplicate file names to fix file uploa...

CVSS 10, AI score 6.1, EPSS 0.06894
Exploits 1, References 19
seebug.org
added 2014/07/01 12:00 a.m., 23 views

Outfront Spooky 2.x Login SQL Query Manipulation Password Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/4661/info Spooky Login is a commercial web access control and account management software package. It is distributed and maintained by Outfront, and is designed for Microsoft IIS web servers. Under some circumstances, it m...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 33 views

WebHost Automation Helm Control Panel 3.1.x Multiple Input Validation Vulnerabilities

No description provided by source. Source: http://www.securityfocus.com/bid/11586/info Helm Control Panel is reported prone to multiple vulnerabilities. These include an SQL injection issue and an HTML injection vulnerability. A remote attacker can execute arbitrary HTML and script code in a user...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 23 views

Zix Forum <= 1.12 (layid) SQL Injection Vulnerability

No description provided by source. Zix Forum <= 1.12 (layid) SQL Injection Vulnerability. Vulnerability: SQL Injection: Input passed to the layid parameter in 'settings.asp' is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 13 views

OpenBB 1.0.x member.php Multiple Parameter SQL Injection

No description provided by source. Source: http://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. The SQL issues may...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 12 views

phpCheckZ 1.1.0 - Blind SQL Injection Vulnerability

No description provided by source. phpCheckZ 1.1.0 Blind SQL Injection Vulnerability. Name: phpCheckZ; Vendor: http://www.phpcheckz.com; Versions Affected: 1.1.0; Author: Salvatore Fresta aka Drosophila; Website: http://www.salvatorefresta.net; Contact: salvatorefresta at gmail dot com; Date: 2010-10-19. X. IND...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 9 views

IWebNegar Multiple SQL Injection Vulnerabilities

No description provided by source. Source: http://www.securityfocus.com/bid/11946/info iWebNegar is reported prone to multiple SQL injection vulnerabilities; these issues exist due to a lack of sufficient boundary checks performed on user-supplied URI parameter data. These issues could...

AI score 7.1
Exploits 0
seebug.org
added 2014/02/13 12:00 a.m., 24 views

Easytalk SQL injection (one instance)

Brief description: input filtering is lax. Details: in voteaction.class.php, public function sendvote() { $vid=intval($_POST['vid']); $votedata=$_POST['votedata']; $isret=intval($_POST['isret']); $isnone=intval($_POST['isnone']); if($vid){ if(is_array($votedata)){ $vmodel=D('Votes'); $vopt=D('Voteoptions'); $vuser=D('Voteusers'); $myvote=$vuser->where("voteid='$vid' A...

AI score 7.1
Exploits 0
OpenVAS
added 2013/10/26 12:00 a.m., 11 views

Debian: Security Advisory (DSA-2787-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...

CVSS 7.5, AI score 6.7, EPSS 0.01114
Exploits 0, References 3
Tenable Nessus
added 2013/01/17 12:00 a.m., 42 views

Debian DSA-2609-1 : rails - SQL query manipulation

An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. This may allow attackers to elevate their privileges. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and...

CVSS 6.4, AI score 7.2, EPSS 0.18174
Exploits 2, References 3