
5711 matches found

RedHat Linux
added 2022/03/02 3:5 p.m. | 1 views

cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...

8.8 CVSS | 7.4 AI score | 0.04123 EPSS
Exploits 0 | References 5
RedHat Linux
added 2022/03/02 2:36 p.m. | 3 views

cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...

8.8 CVSS | 7.4 AI score | 0.04123 EPSS
Exploits 0 | References 5
ATTACKERKB
added 2022/03/02 1:33 a.m. | 4 views

CVE-2022-23972

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete database...

8.8 CVSS | 6 AI score | 0.0052 EPSS
Exploits 0 | References 2
OSV
added 2022/02/28 3:14 p.m. | 2 views

CLSA-2022-1646061262 Fix CVE(s): CVE-2022-24407

SECURITY UPDATE: SQL injection in SQL plugin - debian/patches/CVE-2022-24407.patch: escape password for SQL insert/update commands in plugins/sql.c. - CVE-2022-24407...

8.8 CVSS | 7.2 AI score | 0.04123 EPSS
Exploits 0 | References 1
OSV
added 2022/02/24 3:15 p.m. | 6 views

AZL-8794 CVE-2022-24407 affecting package cyrus-sasl for versions less than 2.1.28-1

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...

8.8 CVSS | 7.2 AI score | 0.04123 EPSS
Exploits 0 | References 1
RedHat Linux
added 2022/02/24 10:33 a.m. | 2 views

cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...

8.8 CVSS | 7.4 AI score | 0.04123 EPSS
Exploits 0 | References 5
RedHat Linux
added 2022/02/24 10:28 a.m. | 2 views

cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...

8.8 CVSS | 7.4 AI score | 0.04123 EPSS
Exploits 0 | References 5
CNNVD
added 2022/02/24 12:0 a.m. | 7 views

WordPress plugin WP Statistics SQL injection vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WP Statistics plugin 13.1.5 and earlier versions are vulnerable to SQL injection, which can be exploited by attackers to...

9.8 CVSS | 6.1 AI score | 0.81363 EPSS
Exploits 4 | References 6
CNNVD
added 2022/02/24 12:0 a.m. | 3 views

Cybonet PineApp Mail Secure SQL injection vulnerability

Cybonet PineApp Mail Secure is Cybonet Israel's solution for blocking most malicious email threats at the network perimeter, while providing a range of additional options for comprehensive security and messaging control. Cybonet PineApp Mail Relay is vulnerable to a SQL injection vulnerability tha...

9.8 CVSS | 6.4 AI score | 0.00971 EPSS
Exploits 0 | References 2
CNNVD
added 2022/02/24 12:0 a.m. | 3 views

Hms SQL injection vulnerability

HMS is a computer or web-based hospital management system in Bangladesh, useful for managing the operations of a hospital or any medical facility. A SQL injection vulnerability exists in HMS v1.0, which stems from the fact that the product admin.php page does not do effective filtering of special...

9.8 CVSS | 6 AI score | 0.01551 EPSS
Exploits 1 | References 3
CNNVD
added 2022/02/24 12:0 a.m. | 5 views

RosarioSis SQL injection vulnerability

RosarioSis is a free and open source student information system. It is used to manage students, create reports and make the right decisions. An SQL injection vulnerability exists in RosarioSIS versions prior to 7.6.1, which originates from the votes parameter in...

9.8 CVSS | 8.5 AI score | 0.23673 EPSS
Exploits 3 | References 6
OSV
added 2022/02/22 9:37 p.m. | 1 views

USN-5301-2 cyrus-sasl2 vulnerability

USN-5301-1 fixed a vulnerability in Cyrus. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrar...

8.8 CVSS | 7.5 AI score | 0.04123 EPSS
Exploits 0 | References 2
OSV
added 2022/02/22 6:29 p.m. | 3 views

USN-5301-1 cyrus-sasl2 vulnerability

It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands...

8.8 CVSS | 7.5 AI score | 0.04123 EPSS
Exploits 0 | References 2
OSV
added 2022/02/18 8:15 p.m. | 2 views

DEBIAN-CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.8 CVSS | 7.9 AI score | 0.00645 EPSS
Exploits 0 | References 1
OSV
added 2022/02/18 5:15 p.m. | 3 views

CVE-2022-25322

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection...

9.8 CVSS | 5.8 AI score | 0.0856 EPSS
Exploits 2 | References 2
CNNVD
added 2022/02/18 12:0 a.m. | 4 views

ZEROF Web Server SQL injection vulnerability

ZEROF Web Server is an open source Web framework that simplifies modern Web development. It allows you to build applications without having to worry about package management or routing. ZEROF Web Server has a SQL injection vulnerability that allows HandleEvent SQL injection...

9.8 CVSS | 8.5 AI score | 0.0856 EPSS
Exploits 2 | References 4
Snyk
added 2022/02/16 7:54 a.m. | 4 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via maliciously crafted SQL queries made via editing the Database File; it is possible to query a record and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...

4.3 CVSS | 9.3 AI score | 0.01614 EPSS
Exploits 1 | References 2
CNNVD
added 2022/02/16 12:0 a.m. | 3 views

EasyCMS SQL injection vulnerability

EasyCMS is a PHP-based website builder from the EasyCMS community. A SQL injection vulnerability exists in EasyCMS, which stems from the product ArticlemAction.class.php file not effectively handling special characters in user-supplied search term data. An attacker can execute malicious SQL...

9.8 CVSS | 8.6 AI score | 0.01194 EPSS
Exploits 1 | References 1
CNNVD
added 2022/02/14 12:0 a.m. | 3 views

Metinfo MetInfo SQL injection vulnerability

MetInfo is a content management system (CMS) developed using PHP and MySQL. A SQL injection vulnerability exists in Metinfo, which stems from the product's failure to secure the special characters in the doModify parameter in the languagegeneral.class.php file. An attacker could exploit this...

9.8 CVSS | 6.1 AI score | 0.01551 EPSS
Exploits 1 | References 1
CNNVD
added 2022/02/14 12:0 a.m. | 4 views

Tongda2000 SQL injection vulnerability

A SQL injection vulnerability exists in Tongda2000, a web-based intelligent office system from China Tongda, which originates from the dname parameter in the product's exportdata.php file that does not securely handle special characters in user input data. An attacker can execute malicious SQL...

9.8 CVSS | 5.9 AI score | 0.01194 EPSS
Exploits 1 | References 2