AlmaLinux 8 : postgresql:12 (ALSA-2021:5235)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5235 advisory. postgresql: memory disclosure in certain queries CVE-2021-3677 postgresql: server processes unencrypted bytes from man-in-the-middle CVE-2021-23214 Tenabl...

Sql injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusionreason parameter found in the /includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtai...

Enalean Tuleap SQL Injection Vulnerability (CNVD-2021-103507)

Enalean Tuleap is a set of open source software development and project management tools from the French company Enalean. The tool provides enterprise application lifecycle management, as well as project tracking, source code management and team collaboration.Enalean Tuleap is vulnerable to SQL...

CVE-2021-43806

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with...

Genesys Intelligent Workload Distribution SQL Injection Vulnerability (CNVD-2022-05704)

Genesys Intelligent Workload Distribution is an application from Genesys, Inc. Genesys intelligent Workload Distribution is vulnerable to SQL injection in 9.0.013.11, which can be exploited by attackers to execute arbitrary SQL queries via the "ql expression" parameter to execute arbitrary SQL...

CVE-2021-40861

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the...

Sql injection

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the qlexpression parameter, with which all data in the database can be extracted and OS command execution is possible...

CVE-2021-40861

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the...

CVE-2021-40860

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the qlexpression parameter, with which all data in the database can be extracted and OS command execution is possible...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93830)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93825)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanin...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93824)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanin...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93822)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-92432)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93827)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-92433)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-90860)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-90863)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...

Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection Vulnerability

Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added, Pentaho makes a HTTP request to the dashboards editor /pentaho/api/repos/dashboards/editor in order to test the connectio...

SQL Injection

dolphinScheduleris is vulnerable to SQL injection. The vulnerability exists due to lack of sanitization of user input in data source center, allowing authorized malicious users to inject and execute arbitrary SQL Queries...