SQL Injection
geocoder is vulnerable to SQL injection. The vulnerability exists in sql.rb as the unvalidated values of swlat, swlng, nelat, nelng could be used in conjunction with withinboundingbox to inject and execute arbitrary SQL statements...
CVE-2005-4891
Simple Machines Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements...
SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
Date: 2019-11-05
Exploit Author: Fabian Mosch, r-tec IT Security GmbH
Vendor Homepage: https://www.sitzungsdienst.net/
Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/
Version: 4.7.3c
Tested on: 4.7.3c...
SQL Injection
librenms/librenms is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL statements via the searchPhrase parameter in ajaxtable.php...
GLSA-201908-09 : SQLite: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201908-09 (SQLite: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could, by executing arbitrary SQL...
SQL Injection
salt is vulnerable to SQL injection. User-controlled parameter values are directly concatenated into the update password SQL queries, allowing an attacker to inject arbitrary SQL statements via the user and host parameters...
SQL Injection
resquel is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL statements in the application due to the lack of query parameter sanitization...
SQL Injection
sequelize is vulnerable to SQL injection when used with PostgreSQL. This is due to backslashes not being escaped properly in non-standard strings, allowing a remote attacker to inject and execute arbitrary SQL statements in the database...
Code injection
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements, such as in certain WebSQL use cases...
CVE-2018-12464
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in...
SQL injection
A vulnerability in the listing of available software of SUSE Studio Onsite and SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance...
CVE-2018-9247
The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE wit...
ManageEngine Applications Manager MenuHandlerServlet SQL Injection (CVE-2016-9488)
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the configid parameter when processing requests sent to the MenuHandlerServlet servlet. By sending crafted request messages, a remote unauthenticated attacker can exploi...
JVN#84982142: Pref Shimane CMS vulnerable to SQL injection
Pref Shimane CMS is an open-source Content Management System (CMS). Pref Shimane CMS contains an SQL injection vulnerability. Impact: A logged-in attacker may execute arbitrary SQL statements. Solution: Update the software to the latest version according to the information provided by the...
ManageEngine Applications Manager IT360UtilitiesServlet SQLi
The remote host is running a version of ManageEngine Applications Manager that is affected by a SQL injection vulnerability due to improper validation of user-supplied input to the 'IT360UtilitiesServlet' servlet. A remote attacker can exploit this flaw to execute arbitrary SQL statements. Note...
Revive Adserver 'www/delivery/axmlrpc.php' 'what' Parameter SQL Injection
The Revive Adserver install hosted on the remote web server is affected by a SQL injection vulnerability because the 'www/delivery/axmlrpc.php' script fails to properly sanitize user-supplied input passed to the 'what' parameter. This can allow a remote, unauthenticated attacker to execute...
Active Record: SQL injection
Background: Active Record is a Ruby gem that allows database entries to be manipulated as objects. Description: An Active Record method parameter can mistakenly be used as a scope. Impact: A remote attacker could use specially crafted input to execute arbitrary SQL statements. Workaround: The...
SQLAlchemy: SQL injection
Background: SQLAlchemy is a Python SQL toolkit and Object Relational Mapper. Description: SQLAlchemy does not properly sanitize input passed from the "limit" and "offset" keywords to the select function before using it in an SQL query. Impact: A remote attacker could exploit this vulnerability to...