SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through the column.go processing in the PostgreSQL and MySQL table schema components. An attacker can tamper with the database table structure and potentially leak data by creating a malicious Table CRD with crafted column...

EUVD-2014-9089

Malware in sbrugna...

SUSE CVE-2017-15571

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/list.html.erb via crafted column data...

Remote Code Execution in pg

Affected versions of pg contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. There are two specific scenarios in which it is likely for an application to be vulnerable: 1. The application executes unsafe, user-supplied sql...

GHSA-WC9V-MJ63-M9G5 Remote Code Execution in pg

Affected versions of pg contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. There are two specific scenarios in which it is likely for an application to be vulnerable: 1. The application executes unsafe, user-supplied sql...

DEBIAN-CVE-2017-16082

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1 Executing unsafe, user-supplied sql which contains a malicious column name. 2...

activerecord vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...

SQL Injection Vulnerability in quote_table_name in rails/activerecord

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a craft...

DEBIAN-CVE-2017-15571

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/list.html.erb via crafted column data...

DEBIAN-CVE-2017-15570

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/list.html.erb via crafted column data...

CVE-2017-15571

CVE-2017-15571 affects Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3. The vulnerability is a cross-site scripting (XSS) flaw in app/views/issues/_list.html.erb caused by crafted column data, enabling injection of HTML/script in affected deployments. Connected sources conf...

CVE-2017-15571

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/list.html.erb via crafted column data...

CVE-2014-9264

Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias...

Stack overflow

Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias...

CVE-2014-8958

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database, 2 table, or 3 column name that is improperly handled during...

UBUNTU-CVE-2014-4986

Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...

CVE-2014-4986

Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...

CVE-2011-4634

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...

CVE-2011-2930

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...

Sql injection

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...