
32 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-21872

Malware in sbrugna...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.00772
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-0689

Malware in sbrugna...

CVSS: 4 | AI score: 6.4 | EPSS: 0.00211
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-17465

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00159
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-29908

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00129
Exploits: 0 | References: 3

BDU FSTEC
added 2025/08/05 12:0 a.m. | 1 view

The vulnerability of the /html/atendido/Profile_Atendido.php script of the WeGIA web manager allows a perpetrator to disclose confidential information or cause a denial of service.

The vulnerability of the WeGIA web manager’s /html/atendido/Profile_Atendido.php script is related to the failure to protect the SQL query structure when processing the idatendido parameter. Exploiting this vulnerability can allow an attacker to disclose confidential information or cause service...

CVSS: 9.9 | AI score: 5.6 | EPSS: 0.0025
Exploits: 1 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/06/13 12:0 a.m. | 2 views

The vulnerability of the Service Account Auditing service of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows a perpetrator to execute arbitrary code.

The vulnerability of the Service Account Auditing service in the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of security measures for the SQL query structure. Exploitation of this vulnerability could allow a malicious actor to...

CVSS: 8.7 | AI score: 6 | EPSS: 0.03936
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/05/29 12:0 a.m. | 1 view

The vulnerability of the UnlockOpcSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the UnlockOpcSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass...

CVSS: 9 | AI score: 6.1 | EPSS: 0.00045
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/05/29 12:0 a.m. | 2 views

The vulnerability of the GetTraces method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to bypass security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the GetTraces method in software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security restrictions, rea...

CVSS: 9 | AI score: 6.2 | EPSS: 0.00045
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/05/23 4:38 a.m. | 5 views

CVE-2023-26021

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00129
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:15 a.m. | 6 views

CVE-2023-3416

The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparatio...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.00364
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:9 p.m. | 5 views

CVE-2021-38391

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AMHandler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A...

CVSS: 10 | AI score: 8.5 | EPSS: 0.01066
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:48 p.m. | 5 views

CVE-2020-18081

The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.00318
Exploits: 1

RedhatCVE
added 2025/05/22 3:13 p.m. | 5 views

CVE-2020-14491

OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.00127
Exploits: 0

RedhatCVE
added 2025/05/22 12:1 a.m. | 3 views

CVE-2009-4439

Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query...

CVSS: 4 | AI score: 6.7 | EPSS: 0.01108
Exploits: 0 | References: 1

Redos
added 2025/03/11 12:0 a.m. | 80 views

ROS-20250311-04

The vulnerability of the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an...

CVSS: 8.1 | AI score: 8.4 | EPSS: 0.82364
Exploits: 10

Redos
added 2025/03/11 12:0 a.m. | 7 views

ROS-20250311-03

The vulnerability of the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an...

CVSS: 8.1 | AI score: 8.4 | EPSS: 0.82364
Exploits: 10

RedhatCVE
added 2025/02/06 1:35 a.m. | 11 views

CVE-2022-34871

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.00516
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:50 p.m. | 7 views

CVE-2020-15620

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the id parameter, the...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.00571
Exploits: 0

BDU FSTEC
added 2024/11/13 12:0 a.m. | 1 view

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS: 10 | AI score: 7.7 | EPSS: 0.75091
Exploits: 0 | References: 2

BDU FSTEC
added 2024/08/21 12:0 a.m. | 1 view

The vulnerability in the implementation of the deleteComment method in the comments module of the CMS system Netcat allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the deleteComment method in the comments module of the CMS system Netcat is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to the protected information...

CVSS: 9.1 | AI score: 5.6
Exploits: 0 | References: 1 | Affected Software: 1