SQL Injection in sails-mysql
Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The sort keyword is not properly sanitized and may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 0.10.8 or later...
Hyland OnBase SQL Injection
CVSSv3.1 Score: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; Vendor: Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/; Product: Hylan...
CVE-2020-5624
SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-4472-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4472-1 advisory. Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote...
Debian DLA-2331-1 : posgresql-9.6 security update
Andres Freund found an issue in the PostgreSQL database system where an uncontrolled search path could allow users to run arbitrary SQL functions with elevated privileges when a superuser runs certain `CREATE EXTENSION` statements. For Debian 9 stretch, this problem has been fixed in version...
CVE-2020-12606
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cmdshell stored...
UBUNTU-CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
CVE-2020-15925
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPFXPAR1 parameter...
Sql injection
A SQL injection vulnerability in the qmadm/qmexportstatsrun.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter...
CVE-2020-15947
A SQL injection vulnerability in the qmadm/qmexportstatsrun.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter...
CVE-2020-14349
A flaw was found in PostgreSQL, where it did not properly sanitize the search_path during logical replication. This flaw allows an authenticated attacker to use this flaw in an attack similar to CVE-2018-1058 to execute an arbitrary SQL command in the user's context for replication. The highest...
Munkireport reportdata SQL Injection Vulnerability
Munkireport is a reporting tool for the Munki software management program. reportdata is one of the widget modules. A SQL injection vulnerability exists in the reportdatacontroller.php file in MunkiReport prior to version 3.5. The vulnerability can be exploited to execute arbitrary SQL commands...
CVE-2020-15886
A SQL injection vulnerability in reportdatacontroller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint...
CVE-2020-12013
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A 9.50.255.02; ICONICS GenBroker6...
CVE-2020-3378 Cisco SD-WAN vManage Software SQL Injection Vulnerability
A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An...
Phpzag SQL Injection (CVE-2020-8519; CVE-2020-8520; CVE-2020-8521)
An SQL injection vulnerability exists in Phpzag. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Engel & Völkers Technology GmbH: SQL Injection at /displayPDF.php (printshop.engelvoelkers.com)
Intro: An SQL injection has been identified. Through this vulnerability an attacker could execute arbitrary SQL statements compromising the integrity of the database and obtain sensitive information, violating the confidentiality of the data. Given the great impact of the vulnerability and...