13183 matches found
CVE-2019-10208
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can...
SQL injection
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details...
YouPHPTube pluginSwitch.json.php file SQL injection vulnerability
YouPHPTube is a PHP-based video website system. A SQL injection vulnerability exists in the pluginSwitch.json.php file in YouPHPTube version 7.6. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit the...
SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:2707-1)
This update for postgresql10 fixes the following issues: Security issue fixed: CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092. Note that Tenable Network Security has extracted the preceding description blo...
CVE-2019-17119
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...
SQL injection
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...
SUSE-SU-2019:2707-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092...
SUSE-SU-2019:2159-1 Security update for postgresql96
This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092...
JVN#14776551: Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"
WordPress Plugin "wpDataTables Lite" provided by TMS-Plugins contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6011

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | ...
SQL Injection
Centreon Web is vulnerable to SQL injection. The hostid parameter in makeXMLListServices.php is directly appended to the SQL query, allowing an attacker to inject and execute arbitrary SQL script through the affected parameter...
CVE-2008-0785
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graphlist parameter to graphview.php, (2) leafid and id parameters to tree.php, (3) localgraphid parameter to graphxport.php, and (4)...
CVE-2007-5976
SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...
LabCollector 5.423 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: LabCollector Laboratory Information System 5.423 - Multiples SQL Injection Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author:...
eBrigade SQL Injection Vulnerability (CNVD-2019-35774)
eBrigade is a rescue team management system. The system includes personnel management, vehicle management and equipment management. A SQL injection vulnerability exists in eBrigade versions prior to 5.0, which can be exploited by attackers to execute illegal SQL commands...
A vulnerability in the handling of SECURITY DEFINER functions in the PostgreSQL database management system allows an attacker to execute arbitrary SQL commands.
A vulnerability in the handling of SECURITY DEFINER functions in the PostgreSQL database management system stems from a failure to protect the structure of SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
CVE-2019-15301
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter...
CVE-2019-5991
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2019-5996
SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
SQL Injection
librenms/librenms is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL statements via the searchPhrase parameter in ajaxtable.php...
SUSE SLES12 Security Update : postgresql94 (SUSE-SU-2019:2158-1)
This update for postgresql94 fixes the following issues: Security issue fixed: CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092. Note that Tenable Network Security has extracted the preceding description blo...