1174 matches found
CVE-2015-1013
CVE-2015-1013 affects OSIsoft PI AF 2.6/2.7 and PI SQL for AF 2.1.2.19. The root cause is an incorrect default permission where the PI SQL (AF) Trusted Users group may include the Everyone account, enabling remote authenticated users to bypass command restrictions by issuing SQL statements. Impac...
ManageEngine Applications Manager IT360UtilitiesServlet query SQL Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IT360UtilitiesServlet servlet. The issue lies in the ability to...
CVE-2014-0919
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities...
Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability
A vulnerability in the Interactive Voice Response (IVR) interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attack...
PT-2023-25559 · Monetdb +1 · Monetdb Server +1
Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the GDKfree component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For versions 11.45.17 and 11.46.0, update to a...
PT-2023-4102 · Unknown +1 · Monetdb Server +1
Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the cs_bind_ubat component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. It is related to incorrect clearance or release of resources,...
WordPress custom-contact-forms Plugin SQL Upload
The WordPress custom-contact-forms plugin 'WordPress custom-contact-forms Plugin SQL Upload', 'Description' = %q The WordPress custom-contact-forms plugin 'Marc-Alexandre Montpas', Vulnerability discovery 'Christian Mehlmauer' Metasploit module , 'License' = MSFLICENSE, 'References' = 'URL',...
Joomla! Spider Calendar Component <= 3.2.6 SQLi Vulnerability - Active Check
Joomla! Spider Calendar Component is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTION_NAME' parameter is vulnerable. Packages that employ this parameter...
SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability
No description provided by source. SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability Vendor: SetSeed Product web page: http://www.setseed.com Affected version: 5.8.20 Summary: SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete websites and online stores...
Oracle HTML DB 1.5/1.6 f p Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affecte...
Oracle HTML DB 1.5/1.6 wwv_flow.accept p_t02 Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affecte...
Revive Adserver 'www/delivery/axmlrpc.php' 'what' Parameter SQL Injection
The Revive Adserver install hosted on the remote web server is affected by a SQL injection vulnerability because the 'www/delivery/axmlrpc.php' script fails to properly sanitize user-supplied input passed to the 'what' parameter. This can allow a remote, unauthenticated attacker to execute...
GLSA-201406-10 : lighttpd: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201406-10 lighttpd: Multiple vulnerabilities Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could create a Denial of Service...
lighttpd: Multiple vulnerabilities
Background lighttpd is a lightweight high-performance web server. Description Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details. Impact A remote attacker could create a Denial of Service condition. Furthermore, a remote attack...
BSQL Automated SQL Injection tool
BSQL is an automated SQL Injection tool. Remote attackers can use BSQL to fetch data from the database and execute SQL statements...
Sqlmap Automated SQL Injection tool
Sqlmap is an automated SQL Injection tool. Remote attackers can use Sqlmap to fetch data from the database and execute SQL statements...
Havij Automated SQL Injection tool
Havij is an automated SQL Injection tool. Remote attackers can use Havij to fetch data from the database and execute SQL statements...
GLSA-201401-22 : Active Record: SQL injection
The remote host is affected by the vulnerability described in GLSA-201401-22 Active Record: SQL injection An Active Record method parameter can mistakenly be used as a scope. Impact : A remote attacker could use specially crafted input to execute arbitrary SQL statements. Workaround : The...
Active Record: SQL injection
Background Active Record is a Ruby gem that allows database entries to be manipulated as objects. Description An Active Record method parameter can mistakenly be used as a scope. Impact A remote attacker could use specially crafted input to execute arbitrary SQL statements. Workaround The...