13181 matches found

Source: CNNVD | added 2024/10/11 12:00 a.m. | 3 views

OpenHIS security vulnerability

OpenHIS is a web-based hospital management application from China Xinzhi OpenHIS. A SQL injection vulnerability exists in OpenHIS v.1.0, which stems from a lack of validation of externally-entered SQL statements in the refund function of the PayController.class.php component. An attacker can...

CVSS 9.8 | AI score 8.2 | EPSS 0.01112 | Exploits: 0 | References: 4
Source: CISA KEV Catalog | added 2024/10/09 12:00 a.m. | 41 views

Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability

Ivanti Cloud Services Appliance CSA contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements...

CVSS 7.2 | AI score 7.7 | EPSS 0.43583 | In wild | Exploits: 0
Source: OSV | added 2024/10/08 5:15 p.m. | 1 view

CVE-2024-9379

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVSS 7.2 | AI score 7.7 | EPSS 0.62988 | Exploits: 0 | References: 2
Source: NVD | added 2024/10/08 5:15 p.m. | 13 views

CVE-2024-9379

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVSS 7.2 | EPSS 0.43583 | Exploits: 0 | References: 2
Source: NVD | added 2024/10/08 5:15 p.m. | 6 views

CVE-2024-44349

A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB...

CVSS 9.8 | EPSS 0.05618 | Exploits: 1 | References: 3
Source: CVE | added 2024/10/08 4:23 p.m. | 234 views

CVE-2024-9379

Ivanti Cloud Services Appliance (CSA) admin web console contains a SQL injection vulnerability (CVE-2024-9379) in versions prior to 5.0.2. The issue allows a remote attacker with admin privileges to execute arbitrary SQL statements. Remediation per sources is to upgrade to Ivanti CSA version 5.0....

CVSS 7.2 | AI score 6.8 | EPSS 0.43583 | In wild | Exploits: 0 | References: 2 | Affected Software: 1
Source: Vulnrichment | added 2024/10/08 12:00 a.m. | 16 views

CVE-2024-44349

A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB...

AI score 8.9 | EPSS 0.05618 | Exploits: 1 | References: 3
Source: CVE | added 2024/10/08 12:00 a.m. | 56 views

CVE-2024-44349

AnteeoWMS is affected by a SQL injection in the login portal present in versions prior to 4.7.34. The vulnerability allows unauthenticated attackers to inject SQL via the username parameter and potentially disclose data from the underlying database. The issue is documented across multiple sources...

CVSS 9.8 | AI score 8.4 | EPSS 0.05618 | Exploits: 1 | References: 3
Source: NVD | added 2024/10/04 6:15 p.m. | 12 views

CVE-2024-41512

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...

CVSS 8.8 | EPSS 0.00654 | Exploits: 1 | References: 3
Source: CVE | added 2024/10/04 12:00 a.m. | 52 views

CVE-2024-41512

CADClick v1.11.0 and earlier contains a SQL injection in ccHandler.aspx via the bomid parameter, enabling remote arbitrary SQL execution. Affected component: web API endpoint ccHandler.aspx; root cause: unsafely handling bomid leads to injection. Impact: potential data exposure, modification, or ...

CVSS 8.8 | AI score 9.2 | EPSS 0.00654 | Exploits: 1 | References: 3 | Affected Software: 1
Source: Vulnrichment | added 2024/10/04 12:00 a.m. | 10 views

CVE-2024-41512

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...

AI score 8.9 | EPSS 0.00654 | Exploits: 1 | References: 3
Source: Cvelist | added 2024/10/04 12:00 a.m. | 17 views

CVE-2024-41512

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...

EPSS 0.00654 | Exploits: 1 | References: 3
Source: SUSE Linux | added 2024/10/02 3:11 p.m. | 1 view

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 15.8 (bsc#1229013). CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (bsc#1229013). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update ...

CVSS 8.8 | AI score 7.4 | EPSS 0.01565 | Exploits: 0 | References: 4
Source: OSV | added 2024/10/02 3:11 p.m. | 7 views

SUSE-SU-2024:3158-3 Security update for postgresql16

This update for postgresql16 fixes the following issues: - Upgrade to 15.8 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (bsc#1229013)...

CVSS 8.8 | AI score 8.4 | EPSS 0.01565 | Exploits: 0 | References: 3
Source: Amazon | added 2024/10/02 12:00 a.m. | 3 views

Important: postgresql

Issue Overview: A time-of-check time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565 | Exploits: 0
Source: Amazon | added 2024/10/02 12:00 a.m. | 2 views

Important: postgresql

Issue Overview: A time-of-check time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565 | Exploits: 0
Source: Amazon | added 2024/10/02 12:00 a.m. | 2 views

Important: libpq

Issue Overview: A time-of-check time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565 | Exploits: 0
Source: OSV | added 2024/09/23 7:15 p.m. | 3 views

CVE-2024-39842

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL commands via the user massive-changes inputs...

CVSS 7.2 | AI score 8.5 | Exploits: 0 | References: 2
Source: OSV | added 2024/09/23 7:15 p.m. | 6 views

CVE-2024-39843

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL commands via the create-user form inputs...

CVSS 6.7 | AI score 8.5 | Exploits: 0 | References: 2