SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the chasharray component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the artmdivint component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the dfeunitcolloci component, allowing attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the sqloqueryspec component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the mpboxcopy component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the kcvarcol component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the sqlounionscope component, enabling attackers to cause a DoS via crafted SQL statements...
RuvarOA PageID Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of external SQL statements in the PageID parameter of the /WebUtility/getfindcondiction.aspx file. An attacker can exploit this...
F5 BIG-IP Next Central Manager OData Injection Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An OData injection vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited to send crafted SQL statemen...
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-32655
Summary of CVE-2024-32655 (Npgsql): The vulnerability arises in the WriteBind() implementation of Npgsql, where int variables used to track the Postgres protocol message length and the sum of parameter lengths overflow when the total exceeds integer capacity. This causes the constructed message ...
K000138733: BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026
Security Advisory Description: An SQL injection vulnerability exists in the BIG-IP Next Central Manager API URI. CVE-2024-26026. Impact: An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API URI. This vulnerability...
K000138732: BIG-IP Next Central Manager OData Injection vulnerability CVE-2024-21793
Security Advisory Description: An OData injection vulnerability exists in the BIG-IP Next Central Manager API URI. CVE-2024-21793. Impact: An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements which may allow the attacker to access but not update information...
CVE-2024-25533
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...
CVE-2023-38724
Summary: CVE-2023-38724 affects IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0. The issue is a SQL injection vulnerability that could allow a remote attacker to view, add, modify, or delete data in the back-end database when exploiting crafted SQL statements. The connected/official rem...
FUDForum Security Vulnerability
FUDForum is a PHP-based open source forum software. A security vulnerability exists in FUDForum version v3.1.3, which originates from a stored cross-site scripting (XSS) vulnerability in the SQL statements field of /adm/admsql.php...
PT-2024-23687 · Fudforum · Fudforum
Name of the Vulnerable Software and Affected Versions: FUDforum version 3.1.3. Description: A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under the "/adm/admsql.php" API endpoin...
ROS-20240402-15
A vulnerability in the virtuoso-opensource web application development platform allows a denial of service (DoS) to be caused using specially crafted SQL statements. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A...
Apache Fineract SQL Injection Vulnerability (CNVD-2024-16106)
Apache Fineract is an open source digital financial services platform from the U.S. Apache Foundation. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. Apache Fineract versions prior to 1.8.5...