Lucene search

173 matches found

Veracode
added 2020/01/28 4:50 a.m. | 19 views

SQL Injection

geocoder is vulnerable to SQL injection. The vulnerability exists in sql.rb as the unvalidated values of swlat, swlng, nelat, nelng could be used in conjunction with withinboundingbox to inject and execute arbitrary SQL statements...

CVSS 9.8 | AI score 3.8 | EPSS 0.01484
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2020/01/15 5:15 p.m. | 17 views

CVE-2005-4891

Simple Machine Forum SMF versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements...

CVSS 9.8 | AI score 9.8 | EPSS 0.01756
Exploits: 1 | References: 2

Packet Storm
added 2019/11/05 12:00 a.m. | 362 views

SD.NET RIM 4.7.3c SQL Injection

Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection | Date: 2019-11-05 | Exploit Author: Fabian Mosch r-tec IT Security GmbH | Vendor Homepage: https://www.sitzungsdienst.net/ | Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/ | Version: 4.7.3c | Tested on: 4.7.3c...

AI score 0.1
Exploits: 0

Exploit DB
added 2019/11/05 12:00 a.m. | 222 views

SD.NET RIM 4.7.3c - 'idtyp' SQL Injection

Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection | Date: 2019-11-05 | Exploit Author: Fabian Mosch r-tec IT Security GmbH | Vendor Homepage: https://www.sitzungsdienst.net/ | Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/ | Version: 4.7.3c | Tested on: 4.7.3c...

AI score 7.4
Exploits: 0

Veracode
added 2019/09/10 6:55 a.m. | 12 views

SQL Injection

librenms/librenms is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL statements via the searchPhrase parameter in ajaxtable.php...

CVSS 8.8 | AI score 5.6 | EPSS 0.01346
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2019/08/20 12:00 a.m. | 42 views

GLSA-201908-09 : SQLite: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201908-09 (SQLite: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could, by executing arbitrary SQL...

CVSS 8.1 | AI score 7 | EPSS 0.06683
Exploits: 1 | References: 4

Veracode
added 2019/07/19 3:16 a.m. | 15 views

SQL Injection

salt is vulnerable to SQL injection. User-controlled parameter values are directly concatenated into the update password SQL queries, allowing an attacker to inject arbitrary SQL statements via the user and host parameters...

CVSS 9.8 | AI score 9.9 | EPSS 0.01883
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2019/06/13 2:40 a.m. | 9 views

SQL Injection

resquel is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL statements in the application due to the lack of query parameter sanitization...

AI score 8.1
Exploits: 0

Veracode
added 2019/04/11 2:48 a.m. | 18 views

SQL Injection

sequelize is vulnerable to SQL injection when used with PostgreSQL. This is due to backslashes that are not being escaped properly in non-standard strings, allowing a remote attacker to inject and execute arbitrary SQL statements in the database...

CVSS 7.5 | AI score 8.2 | EPSS 0.01823
Exploits: 0 | References: 6 | Affected Software: 1

Prion
added 2019/04/03 6:29 p.m. | 23 views

Code injection

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements, such as in certain WebSQL use cases...

CVSS 5 | AI score 8.5 | EPSS 0.06766
Exploits: 1 | References: 22 | Affected Software: 6

NVD
added 2018/06/29 4:29 p.m. | 16 views

CVE-2018-12464

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in...

CVSS 10 | AI score 8.8 | EPSS 0.80539
Exploits: 5 | References: 3

Prion
added 2018/06/07 9:29 p.m. | 23 views

Sql injection

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance...

CVSS 6.5 | AI score 8.5 | EPSS 0.0129
Exploits: 0 | References: 2 | Affected Software: 2

Prion
added 2018/04/04 12:29 a.m. | 12 views

Code injection

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a ?php substring, and then using INTO OUTFILE wit...

CVSS 7.5 | AI score 9.8 | EPSS 0.01577
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/04/04 12:00 a.m. | 20 views

CVE-2018-9247

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a ?php substring, and then using INTO OUTFILE wit...

AI score 9.9 | EPSS 0.01577
Exploits: 1 | References: 1

Check Point Advisories
added 2017/05/04 12:00 a.m. | 3 views

ManageEngine Applications Manager MenuHandlerServlet SQL Injection (CVE-2016-9488)

An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the configid parameter when processing requests sent to MenuHandlerServlet servlet. By sending crafted request messages, a remote unauthenticated attacker can exploi...

CVSS 7.5 | AI score 5.2 | EPSS 0.04772
Exploits: 3

Japan Vulnerability Notes
added 2015/10/09 12:00 a.m. | 26 views

JVN#84982142: Pref Shimane CMS vulnerable to SQL injection

Pref Shimane CMS is an open-source Contents Management System (CMS). Pref Shimane CMS contains an SQL injection vulnerability. Impact: A logged in attacker may execute arbitrary SQL statements. Solution: Update the Software. Update to the latest version according to the information provided by the...

CVSS 6.5 | AI score 7.6 | EPSS 0.01711
Exploits: 0

Tenable Nessus
added 2015/06/17 12:00 a.m. | 25 views

ManageEngine Applications Manager IT360UtilitiesServlet SQLi

The remote host is running a version of ManageEngine Applications Manager that is affected by a SQL injection vulnerability due to improper validation of user-supplied input to the 'IT360UtilitiesServlet' servlet. A remote attacker can exploit this flaw to execute arbitrary SQL statements. Note...

AI score 6.3
Exploits: 0 | References: 1

Tenable Nessus
added 2014/06/26 12:00 a.m. | 217 views

Revive Adserver 'www/delivery/axmlrpc.php' 'what' Parameter SQL Injection

The Revive Adserver install hosted on the remote web server is affected by a SQL injection vulnerability because the 'www/delivery/axmlrpc.php' script fails to properly sanitize user-supplied input passed to the 'what' parameter. This can allow a remote, unauthenticated attacker to execute...

CVSS 7.5 | AI score 6.4 | EPSS 0.02011
Exploits: 1 | References: 3

Gentoo Linux
added 2014/01/21 12:00 a.m. | 46 views

Active Record: SQL injection

Background: Active Record is a Ruby gem that allows database entries to be manipulated as objects. Description: An Active Record method parameter can mistakenly be used as a scope. Impact: A remote attacker could use specially crafted input to execute arbitrary SQL statements. Workaround: The...

CVSS 7.5 | AI score 7.4 | EPSS 0.04458
Exploits: 2

Gentoo Linux
added 2012/09/26 12:00 a.m. | 39 views

SQLAlchemy: SQL injection

Background: SQLAlchemy is a Python SQL toolkit and Object Relational Mapper. Description: SQLAlchemy does not properly sanitize input passed from the “limit” and “offset” keywords to the select function before using it in an SQL query. Impact: A remote attacker could exploit this vulnerability to...

CVSS 7.5 | AI score 7.2 | EPSS 0.02862
Exploits: 2