55 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2004-1947

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.00553 EPSS
Exploits 1 · References 7

NVD
added 2025/04/30 2:15 p.m. · 11 views

CVE-2025-45018

A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter...

9.8 CVSS · 0.00615 EPSS
Exploits 1 · References 1

Github Security Blog
added 2025/03/20 12:32 p.m. · 9 views

LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection

A SQL injection vulnerability exists in the duckdbretriever component of the run-llama/llamaindex repository, specifically in llama-index-retrievers-duckdb-retriever prior to v0.4.0. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an...

9.8 CVSS · 8.3 AI score · 0.0413 EPSS
Exploits 1 · References 4 · Affected Software 1

Redos
added 2025/01/09 12:0 a.m. · 5 views

ROS-20250109-04

A vulnerability in the Fields plug-in of GLPI, a system for managing requests, incidents and computer equipment inventory, is related to a failure to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL code...

7.7 CVSS · 8.3 AI score · 0.00107 EPSS
Exploits 0

Redos
added 2024/09/11 12:0 a.m. · 9 views

ROS-20240911-21

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...

8.8 CVSS · 8.4 AI score · 0.00764 EPSS
Exploits 0

Redos
added 2024/09/11 12:0 a.m. · 6 views

ROS-20240911-19

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...

8.8 CVSS · 8.4 AI score · 0.00764 EPSS
Exploits 0

Prion
added 2023/12/22 5:15 p.m. · 26 views

Design/Logic Flaw

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the pollers.php script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the pollers.php. Impact of...

6.5 CVSS · 8.3 AI score · 0.91404 EPSS
Exploits 4 · References 3 · Affected Software 1

Positive Technologies
added 2023/12/22 12:0 a.m. · 14 views

PT-2024-12: SQL Injection in Cacti

The vulnerability was identified in Cacti version 1.2.25 and below. It allows arbitrary SQL code to be executed. The vulnerability can be exploited by an authorized user using the vulnerable component pollers.php.
Vulnerability status: Confirmed by vendor
Date of vulnerability detection: 22.12.2023...

8.8 CVSS · 7.9 AI score · 0.91404 EPSS
Exploits 4 · References 1

Positive Technologies
added 2023/12/22 12:0 a.m. · 3 views

PT-2023-8525 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti versions 1.2.25 and prior
Description: The issue is related to a lack of protection in the SQL query structure of the Cacti network monitoring tool, specifically in the pollers.php script. This allows an authorized user to execute...

10 CVSS · 7.2 AI score · 0.94469 EPSS
Exploits 141 · References 213

Packet Storm
added 2021/09/22 12:0 a.m. · 149 views

Simple Attendance System 1.0 SQL Injection

Exploit Title: Simple Attendance System 1.0 - Unauthenticated Blind SQLi
Exploit Author: t//\1
Date: September 21, 2021
Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html
Tested on: Linux
Version: v1.0
Exploit Description: The...

0.3 AI score
Exploits 0

Tenable Nessus
added 2020/08/26 12:0 a.m. · 80 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-4472-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4472-1 advisory. Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote...

7.3 CVSS · 8 AI score · 0.01548 EPSS
Exploits 1 · References 3

Check Point Advisories
added 2020/01/27 12:0 a.m. · 2 views

Zoho ManageEngine Applications Manager SQL Injection (CVE-2019-11469)

A SQL injection vulnerability exists in Zoho ManageEngine Applications Manager. The vulnerability is due to improper validation of user-supplied input in FaultTemplateOptions.jsp. Successful exploitation could result in arbitrary SQL code execution...

10 CVSS · 3.9 AI score · 0.06451 EPSS
Exploits 2

Check Point Advisories
added 2019/11/19 12:0 a.m. · 5 views

Zoho ManageEngine Applications Manager SQL Injection (CVE-2019-11448)

A SQL injection vulnerability exists in Zoho ManageEngine Applications Manager. The vulnerability is due to improper validation of user-supplied input in PopupSLA.jsp. Successful exploitation could lead to arbitrary SQL code execution...

10 CVSS · 4 AI score · 0.17112 EPSS
Exploits 1

Check Point Advisories
added 2019/02/20 12:0 a.m. · 3 views

Zoho ManageEngine OpManager SQL Injection (CVE-2018-17823; CVE-2018-17283)

An SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of the name parameter when processing requests sent. Successful exploitation could lead to arbitrary SQL code execution in the security context of database service...

5 CVSS · 3.5 AI score · 0.08249 EPSS
Exploits 1

Veracode
added 2018/04/11 6:56 a.m. · 16 views

SQL Injection

Dolibarr is vulnerable to SQL injection attacks. The attacks exist because it does not properly sanitize the viewstatut and propalstatut aka searchstatut parameters in comm/propal/list.php, allowing the authenticated user to inject arbitrary SQL code through it...

8.8 CVSS · 9.2 AI score · 0.00218 EPSS
Exploits 1 · References 2 · Affected Software 1

exploitpack
added 2017/10/02 12:0 a.m. · 30 views

phpCollab 2.5.1 - SQL Injection

phpCollab 2.5.1 - SQL Injection
CVE-2017-6089
PhpCollab 2.5.1 Multiple SQL Injections unauthenticated
Description: PhpCollab is an open source web-based project management system that enables collaboration across the Internet.
SQL injections: The phpCollab code does not correctly filter arguments,...

7.5 CVSS · 0.3 AI score · 0.02642 EPSS
Exploits 5

Exploit DB
added 2016/01/15 12:0 a.m. · 90 views

mcart.xls Bitrix Module 6.5.2 - SQL Injection

Advisory ID: HTB23279
Product: mcart.xls Bitrix module
Vendor: www.mcart.ru
Vulnerable Versions: 6.5.2 and probably prior
Tested Version: 6.5.2
Advisory Publication: November 18, 2015 without technical details
Vendor Notification: November 18, 2015
Public Disclosure: January 13, 2016
Vulnerabilit...

8 CVSS · 7.9 AI score · 0.02553 EPSS
Exploits 5

Check Point Advisories
added 2015/11/11 12:0 a.m. · 0 views

ManageEngine Applications Manager CommonAPIUtil enableDisableAlarmsAction SQL Injection

An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the resourceid and haid parameters when processing requests using the enableDisableAlarmsAction method of the CommonAPIUtil class. By sending crafted request message...

2.7 AI score
Exploits 0

Check Point Advisories
added 2015/10/28 12:0 a.m. · 0 views

ManageEngine Applications Manager CommonAPIUtil moveSubGroup haid tohaid SQL Injection

An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the haid and tohaid parameters when processing requests using the moveSubGroup method of the CommonAPIUtil class. By sending crafted request messages, a remote...

2.3 AI score
Exploits 0

Check Point Advisories
added 2015/10/07 12:0 a.m. · 0 views

ManageEngine OpManager APMAlertOperationsServlet source SQL Injection

An SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the source parameter when processing requests sent to APMAlertOperationsServlet servlet. A remote attacker can exploit this vulnerability to inject and execute arbitrary SQL co...

3.7 AI score
Exploits 0