6197 matches found
Multiple SQL Injection Vulnerabilities in ZeroCMS
ZeroCMS is a simple content management system, built with PHP and MySQL. ZeroCMS suffers from multiple SQL injection vulnerabilities due to the program failing to properly filter user-supplied input. An attacker is allowed to exploit this vulnerability to access or modify data, or to exploit a...
PT-2023-25553 · Monetdb +1 · Monetdb Server +1
Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the sql trans copy key component allows attackers to cause a Denial of Service DoS via crafted SQL statements. Recommendations: For versions 11.45.17 and 11.46.0, upda...
PT-2023-25556 · Monetdb +1 · Monetdb Server +1
Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the list append component allows attackers to cause a Denial of Service DoS via crafted SQL statements. Recommendations: For versions 11.45.17 and 11.46.0, update to a...
CFME: REST API SQL Injection
It was found that CloudForms 4 exposed SQL filters via the REST API without any input escaping. An authenticated user could use this flaw to perform SQL injection attacks against the CloudForms Management Engine database...
WordPress Plugin Cdnvote SQL Injection Vulnerability
WordPress is a use of PHP language development of blogging platform , users can support PHP and MySQL database server set up their own weblog . cdnvote is a WordPress plugin to create a voting module . WordPress plugin Cdnvote has a SQL injection vulnerability. A remote attacker can exploit this...
WordPress Social Slider Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases.Social Slider is a social sharing button display plugin. Social Slider plugin suffers from a SQL injection vulnerability that allows remo...
HumHub SQL Injection Vulnerability
HumHub is a flexible, open source social networking system developed in PHP. HumHub 0.10.0-rc.1 and earlier versions suffer from a SQL injection vulnerability that allows remote authenticated users to execute arbitrary SQL commands...
PMB SQL Injection Vulnerability
PMB is a WEB-based application. The PMB catalog.php script fails to properly filter the id parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
Osclass 'alert' Parameter SQL Injection Vulnerability
OSClass is a PHP MySQL based development , used to create and manage classified ads website open source system . The Osclass 'alert' parameter suffers from a SQL injection vulnerability because it fails to adequately filter user-supplied data before using it in a SQL query. Allows an attacker to...
mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC...
CVE-2014-2081
Multiple SQL injection vulnerabilities in the login in webreports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter...
UBUNTU-CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...
UBUNTU-CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...
DEBIAN-CVE-2014-2708
Multiple SQL injection vulnerabilities in graphxport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the 1 graphstart, 2 graphend, 3 graphheight, 4 graphwidth, 5 graphnolegend, 6 printsource, 7 localgraphid, or 8 rraid parameter...
UBUNTU-CVE-2014-2708
Multiple SQL injection vulnerabilities in graphxport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the 1 graphstart, 2 graphend, 3 graphheight, 4 graphwidth, 5 graphnolegend, 6 printsource, 7 localgraphid, or 8 rraid parameter...
DEBIAN-CVE-2014-2323
SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...
PT-2014-2876
Name of the Vulnerable Software and Affected Versions Digital Signage Xibo version 1.4.2 Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the displayid parameter in the "index.php" file. Recommendations For Digital Signage Xibo...
How do I get my data out of Nexpose? Answer: SQL Query Export
Do any of these these questions sound familiar? "Printable reports are really valuable and I use them on a daily basis. However, is there a section that I can add to show a summary by asset group or site?" "I really like the XML format, but its a little hard to process and I have to write code to...
cumin: filtering table operator not checked, leads to potential SQLi
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
php: PG(magic_quote_gpc) was not restored on shutdown
PHP before 5.3.10 does not properly perform a temporary change to the magicquotesgpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/phpvariables.c, sapi/cgi/cgimain.c, and...