
1174 matches found

Vulnrichment
added 2024/11/19 7:31 p.m. | 14 views

CVE-2024-52360 IBM Concert Software SQL injection

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 7.6 | AI score 7.7 | EPSS 0.0013
Exploits: 0 | References: 1

NVD
added 2024/10/21 8:15 p.m. | 11 views

CVE-2024-48509

Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain...

CVSS 9.8 | EPSS 0.00224
Exploits: 0 | References: 1

CISA KEV Catalog
added 2024/10/09 12:0 a.m. | 39 views

Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability

Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements...

CVSS 7.2 | AI score 7.7 | EPSS 0.7926
In wild | Exploits: 0

NVD
added 2024/10/08 5:15 p.m. | 12 views

CVE-2024-9379

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVSS 7.2 | EPSS 0.7926
Exploits: 0 | References: 2

CVE
added 2024/10/08 4:23 p.m. | 224 views

CVE-2024-9379

Ivanti Cloud Services Appliance (CSA) admin web console contains a SQL injection vulnerability (CVE-2024-9379) in versions prior to 5.0.2. The issue allows a remote attacker with admin privileges to execute arbitrary SQL statements. Remediation per sources is to upgrade to Ivanti CSA version 5.0....

CVSS 7.2 | AI score 6.8 | EPSS 0.7926
In wild | Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2024/08/21 12:0 a.m. | 7 views

IBM Db2 Injection Vulnerability

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from an injection vulnerability that can be exploited by an authenticated attacker to...

CVSS 6.5 | AI score 7.2 | EPSS 0.00427
Exploits: 0 | References: 1

IBM Security Bulletins
added 2024/07/31 6:40 p.m. | 7 views

Security Bulletin: A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access (CVE-2024-32655)

Summary: A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access. Npgsql is used by IBM Robotic Process Automation for database access. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...

CVSS 8.1 | AI score 8.3 | EPSS 0.02069
Exploits: 0 | Affected Software: 1

OpenVAS
added 2024/07/08 12:0 a.m. | 27 views

Ubuntu: Security Advisory (USN-6879-1)

The remote host is missing an update for the...

CVSS 8.8 | AI score 7.2 | EPSS 0.00154
Exploits: 13 | References: 2

Tenable Nessus
added 2024/07/05 12:0 a.m. | 39 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6879-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6879-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL...

CVSS 8.8 | AI score 7.4 | EPSS 0.00154
Exploits: 13 | References: 14

Ubuntu
added 2024/06/13 8:32 a.m. | 22 views

USN-6832-1: Virtuoso Open-Source Edition vulnerabilities

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610, CVE-2023-31611,...

CVSS 7.5 | AI score 7.4 | EPSS 0.00245
Exploits: 16

OSV
added 2024/06/13 8:32 a.m. | 0 views

USN-6832-1 virtuoso-opensource vulnerabilities

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610, CVE-2023-31611,...

CVSS 7.5 | AI score 7.2 | EPSS 0.00245
Exploits: 16 | References: 17

Tenable Nessus
added 2024/06/13 12:0 a.m. | 38 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6832-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL...

CVSS 7.5 | AI score 7.4 | EPSS 0.00245
Exploits: 16 | References: 17

CVE
added 2024/05/21 12:17 p.m. | 49 views

CVE-2024-35361

CVE-2024-35361 affects MTab Bookmark v1.9.5. A SQL injection vulnerability exists in the /LinkStore/getIcon API endpoint that allows an attacker to execute arbitrary SQL statements without any user privileges. The issue is documented across multiple sources (NVD/Red Hat/CVE records) and is rated ...

CVSS 9.8 | AI score 8.4 | EPSS 0.00062
Exploits: 0 | References: 1

Veracode
added 2024/05/20 12:13 p.m. | 12 views

SQL Injection

doctrine/orm is vulnerable to SQL Injection. The vulnerability is due to statements in the Where-Clause not being wrapped in brackets due to improper handling of case-insensitive checks, which allows an attacker to execute arbitrary SQL statements...

AI score 8.1
Exploits: 0

AlpineLinux
added 2024/05/14 3:36 p.m. | 16 views

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

CVSS 8.1 | AI score 7.7 | EPSS 0.02069
Exploits: 0

Veracode
added 2024/05/13 2:31 p.m. | 15 views

SQL Injection

openlink virtuoso-opensource is vulnerable to a Denial of Service (DoS) attack. The vulnerability is due to an issue in the libclongjmp component, which allows attackers to cause a DoS via crafted SQL statements...

CVSS 7.5 | AI score 7.5 | EPSS 0.00069
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2024/05/13 2:31 p.m. | 14 views

SQL Injection

openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the dfeqexplist component, enabling attackers to cause a DoS via crafted SQL statements...

CVSS 7.5 | AI score 7.6 | EPSS 0.00122
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2024/05/13 2:31 p.m. | 12 views

SQL Injection

openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the dksetdelete component, enabling attackers to cause a DoS via crafted SQL statements...

CVSS 7.5 | AI score 7.6 | EPSS 0.00069
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2024/05/13 2:31 p.m. | 15 views

SQL Injection

openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the schnametoobject component, allowing attackers to cause a DoS via crafted SQL statements...

CVSS 7.5 | AI score 7.6 | EPSS 0.0009
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2024/05/13 2:31 p.m. | 12 views

SQL Injection

openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the sqlcuniondtwrap component, allowing attackers to cause a DoS via crafted SQL statements...

CVSS 7.5 | AI score 7.6 | EPSS 0.00069
Exploits: 1 | References: 2 | Affected Software: 1