1174 matches found
Web-Based Student Clearance System SQL Injection Vulnerability
Web-Based Student Clearance System is a web-based student clearance system. A SQL injection vulnerability exists in Web-Based Student Clearance System version 1.0, which originates from the lack of validation of externally entered SQL statements in the parameter Student in /libsystem/login.php. A...
IBM Db2 Input Validation Error Vulnerability (CNVD-2023-9817341)
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from an input validation error vulnerability that originates from allowing an attacker ...
CVE-2023-48945
Openlink virtuoso-opensource is vulnerable to a stack overflow vulnerability which allows remote attackers to cause Denial of Service using crafted SQL statements...
Amazon Linux 2 : virtuoso-opensource (ALAS-2023-2360)
The version of virtuoso-opensource installed on the remote host is prior to 7.2.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2360 advisory. 2024-03-13: CVE-2023-31618 was added to this advisory. 2024-03-13: CVE-2023-31627 was added to this advisory...
CVE-2023-48945
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-48945
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
Stack overflow
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-48945
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-48945
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-48945
CVE-2023-48945 describes a stack overflow in openlink virtuoso-opensource v7.2.11 that enables a Denial of Service (DoS) through crafted SQL statements. Multiple connected sources (NVD entry, OSV/DEBIAN, and Nessus/OpenVAS feeds) confirm the affected product/version and the DoS impact, but none p...
PT-2023-8878 · Openlink +4 · Openlink Virtuoso-Opensource +4
Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.11. Description: The issue is related to a stack overflow in the openlink virtuoso-opensource platform, which can be exploited by attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-48945
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
Mars: Blind SQL Injection on █████ via URI Path
The vulnerability involved a time-based SQL injection attack on the target system via the URI path. The attack capitalized on vulnerabilities in the application's interactions with the database, allowing the attacker to extract information by purposefully delaying database processing and observin...
Adobe RoboHelp SQL Injection Vulnerability
Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Adobe. Adobe RoboHelp Server suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit the...
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
Summary: User input passed directly into an SQL statement allows non-admin backend users to execute arbitrary SQL statements. Details: The /admin/object/grid-proxy endpoint calls getFilterCondition on fields of classes to be filtered for at...
mariadb: server crash at my_decimal::operator=
A flaw was found in MariaDB. The component, my_decimal::operator=, allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability...
BIT-2022-27377
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup, which is exploited via specially crafted SQL statements...
BIT-2022-27383
MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements...
GO-2023-2162 SQL Injection in List Endpoints in github.com/flyteorg/flyteadmin
A malicious user can send a REST request to a List endpoint with filters that contain custom SQL statements. This can result in SQL injection...
CVE-2023-41891 FlyteAdmin SQL Injection in List Filters
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...