DEBIAN-CVE-2014-2323

SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...

PT-2014-2876

Name of the Vulnerable Software and Affected Versions Digital Signage Xibo version 1.4.2 Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the displayid parameter in the "index.php" file. Recommendations For Digital Signage Xibo...

How do I get my data out of Nexpose? Answer: SQL Query Export

Do any of these these questions sound familiar? "Printable reports are really valuable and I use them on a daily basis. However, is there a section that I can add to show a summary by asset group or site?" "I really like the XML format, but its a little hard to process and I have to write code to...

cumin: filtering table operator not checked, leads to potential SQLi

SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...

php: PG(magic_quote_gpc) was not restored on shutdown

PHP before 5.3.10 does not properly perform a temporary change to the magicquotesgpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/phpvariables.c, sapi/cgi/cgimain.c, and...

UBUNTU-CVE-2013-4313

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string...

DEBIAN-CVE-2013-5589

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2013-5589

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...

Cisco Unified Operations Manager SQL Injection Vulnerability

A vulnerability in the management application of the Cisco Unified Operations Manager could allow an authenticated, remote attacker to execute arbitrary Structured Query Language SQL queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker...

DEBIAN-CVE-2013-0333

lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...

Trend Micro Control Manager vulnerable to SQL injection

Overview Trend Micro Control Manager contains a SQL injection vulnerability. Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Tom Gregory and Mada R Perdhana of Spentera reported this vulnerability to JPCERT/CC. JPCERT/CC...

CVE-2011-5135

Multiple SQL injection vulnerabilities in the saveconnection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the 1 coursereportuiconfigname or 2...

DEBIAN-CVE-2012-3435

SQL injection vulnerability in frontends/php/popupbitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter...

CVE-2010-5037

SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the articleid parameter...

CVE-2010-4980

SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter...

CVE-2010-4981

SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information...

CVE-2010-4990

SQL injection vulnerability in the Front-edit Address Book comaddressbook component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php...

CVE-2009-5088

SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter...

CVE-2011-1667

SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action...

Oracle MySQL Database COM_FIELD_LIST Buffer Overflow (CVE-2010-1850)

MySQL is a popular open-source implementation of a relational database that supports the Structured Query Language SQL for querying and updating stored data. A security bypass vulnerability exists in MySQL database server. The vulnerability is due to an error while parsing a table name argument o...