Lucene search
K

65 matches found

Cvelist
Cvelist
added 2018/06/07 2:0 a.m.33 views

CVE-2017-16082

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1 Executing unsafe, user-supplied sql which contains a malicious column name. 2...

9.7AI score0.10513EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.48 views

activerecord vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...

7.5CVSS8.1AI score0.02375EPSS
Exploits0References15Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.26 views

SQL Injection Vulnerability in quote_table_name in rails/activerecord

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a craft...

7.5CVSS8.6AI score0.02375EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2016/02/29 12:0 a.m.30 views

phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability

The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...

6.8CVSS1.4AI score0.03109EPSS
Exploits0References4
OSV
OSV
added 2014/12/26 2:59 a.m.5 views

DEBIAN-CVE-2011-3592

Multiple cross-site scripting XSS vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a 1 database name, 2 table name, or 3 column name that is not properly handled after an...

3.5CVSS5.8AI score0.01449EPSS
Exploits0References1
OSV
OSV
added 2014/11/30 11:59 a.m.1 views

DEBIAN-CVE-2014-8958

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database, 2 table, or 3 column name that is improperly handled during...

4.3CVSS7.9AI score0.02441EPSS
Exploits0References1
OSV
OSV
added 2014/11/30 11:59 a.m.4 views

UBUNTU-CVE-2014-8958

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database, 2 table, or 3 column name that is improperly handled during...

4.3CVSS7.3AI score0.02441EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2014/11/30 11:0 a.m.41 views

CVE-2014-8958

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database, 2 table, or 3 column name that is improperly handled during...

4.3CVSS5.3AI score0.02441EPSS
Exploits0
NVD
NVD
added 2014/07/20 11:12 a.m.21 views

CVE-2014-4986

Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...

3.5CVSS5.2AI score0.01605EPSS
Exploits0References6
OSV
OSV
added 2014/07/20 11:12 a.m.1 views

DEBIAN-CVE-2014-4986

Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...

3.5CVSS8.2AI score0.01605EPSS
Exploits0References1
OSV
OSV
added 2014/07/20 11:12 a.m.6 views

UBUNTU-CVE-2014-4986

Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...

3.5CVSS7.3AI score0.01605EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2014/07/20 10:0 a.m.62 views

CVE-2014-4986

Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...

3.5CVSS5.3AI score0.01605EPSS
Exploits0
rdot
rdot
added 2013/09/29 12:0 a.m.501 views

MySQL: Обход фильтрации символов в имени колонок

Прим.: Вариант, который потерялся, и о котором никто не напомнил: https://rdot.org/forum/showpost.php?...2&postcount=10 Материал ниже все равно может быть полезен при изучении специфических SQL-запросов в MySQL и при некоторых типах WAF. ------------ Недавно, изучая одну уязвимость возникла...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2012/01/21 12:0 a.m.21 views

EWD SQL Injection

|=----=----=----=----=----=--------=| | | | /\ /\ \ /\ /\ \ | | //\ /\ \ \L\ \ \ \ \ Turki$ hackers | | \ \ \ \ \ users / /+ column = name + password / / /+ injection / http://www.thecompletepianist.com/material.php?id=-18+union+select+1,2,name,4,password,6,7,8+from+users / /...

0.3AI score
Exploits0
OSV
OSV
added 2011/08/29 6:55 p.m.8 views

CVE-2011-2930

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...

8.2AI score
Exploits0References12
NVD
NVD
added 2011/08/29 6:55 p.m.22 views

CVE-2011-2930

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...

7.5CVSS8.2AI score0.02375EPSS
Exploits0References12
Prion
Prion
added 2011/08/29 6:55 p.m.30 views

Sql injection

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...

7.5CVSS8.9AI score0.02375EPSS
Exploits0References12Affected Software2
Debian CVE
Debian CVE
added 2011/08/29 6:0 p.m.61 views

CVE-2011-2930

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...

7.5CVSS8.2AI score0.02375EPSS
Exploits0
OSV
OSV
added 2011/08/29 5:55 p.m.4 views

DEBIAN-CVE-2011-3181

Multiple cross-site scripting XSS vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a 1 table name, 2 column name, or 3 index name...

4.3CVSS5.7AI score0.02326EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2011/08/29 5:55 p.m.39 views

CVE-2011-3181

Multiple cross-site scripting XSS vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a 1 table name, 2 column name, or 3 index name...

4.3CVSS5.9AI score0.02326EPSS
Exploits1References1
Rows per page
Query Builder