Lucene search

28 matches found

Snyk
added 2026/03/03 9:17 p.m. | 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the SQL function. An attacker can gain unauthorized access to sensitive database content and potentially modify data by sending crafted SQL queries to the /api/query/sql endpoint as a low-privileged user...

8.8 CVSS | 7.2 AI score | 0.00068 EPSS
Exploits 1 | References 3

CNNVD
added 2025/01/21 12:0 a.m. | 3 views

Elastic Elasticsearch Security Vulnerability

Elastic Elasticsearch is a search engine based on the Lucene library from the Dutch company Elastic. A security vulnerability exists in Elastic Elasticsearch that stems from the allocation of resources without limits or throttling, which could lead to a crash through the use of specially...

7.5 CVSS | 7.2 AI score | 0.00944 EPSS
Exploits 0 | References 4

Vulnrichment
added 2025/01/14 2:8 p.m. | 8 views

CVE-2024-55593

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows an attacker to gain information disclosure via crafted SQL queries...

2.7 CVSS | 4.3 AI score | 0.00286 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2024/01/10 4:23 a.m. | 37 views

Security Bulletin: IBM DB2 used by IBM Security Verify Governance has multiple vulnerabilities

Summary: IBM Security Verify Governance supports IBM DB2 database. Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. Vulnerability Details: CVEID: CVE-2023-29257. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5,...

9.8 CVSS | 10 AI score | 0.02108 EPSS
Exploits 1 | Affected Software 1

NVD
added 2023/07/06 2:15 p.m. | 13 views

CVE-2023-36968

A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter...

7.2 CVSS | 7.4 AI score | 0.00237 EPSS
Exploits 1 | References 2

Vulnrichment
added 2023/07/06 12:0 a.m. | 8 views

CVE-2023-36968

A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter...

8.5 AI score | 0.00237 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2023/01/24 12:0 a.m. | 27 views

Cisco Unified Communications Manager SQLi (cisco-sa-cucm-sql-rpPczR8n)

The version of Cisco Unified Communications installed on the remote host is prior to tested version. It is, therefore, affected by an SQL injection vulnerability in the web-based management interface as referenced in the cisco-sa-cucm-sql-rpPczR8n advisory. An attacker authenticated as a...

8.8 CVSS | 8.2 AI score | 0.0029 EPSS
Exploits 0 | References 4

Cisco
added 2023/01/18 4:0 p.m. | 69 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...

8.1 CVSS | 8.6 AI score | 0.0029 EPSS
Exploits 0 | References 1

UbuntuCve
added 2021/08/24 2:15 p.m. | 42 views

CVE-2021-36690

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...

7.5 CVSS | 6.8 AI score | 0.0172 EPSS
Exploits 1 | References 3

Veracode
added 2020/04/10 12:28 a.m. | 31 views

Denial Of Service (DoS)

mysql is vulnerable to Denial of Service (DoS). It allows an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash...

4 CVSS | 3.4 AI score | 0.03069 EPSS
Exploits 2 | References 28 | Affected Software 1

Veracode
added 2020/04/10 12:25 a.m. | 30 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service (DoS). The vulnerability exists because a flaw in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash...

4 CVSS | 3.3 AI score | 0.38924 EPSS
Exploits 0 | References 19 | Affected Software 1

Prion
added 2019/10/02 7:15 p.m. | 12 views

SQL injection

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

9 CVSS | 9 AI score | 0.00897 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2019/10/02 7:15 p.m. | 22 views

SQL injection

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

9 CVSS | 9 AI score | 0.00897 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2019/10/02 7:15 p.m. | 15 views

SQL injection

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

9 CVSS | 9 AI score | 0.00897 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2019/10/02 7:15 p.m. | 12 views

SQL injection

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

9 CVSS | 9 AI score | 0.00897 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/10/02 7:6 p.m. | 14 views

CVE-2019-12685 Cisco Firepower Management Center SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

8.8 CVSS | 9.1 AI score | 0.00897 EPSS
Exploits 0 | References 1

Cvelist
added 2019/10/02 7:6 p.m. | 16 views

CVE-2019-12686 Cisco Firepower Management Center SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

8.8 CVSS | 9.1 AI score | 0.00897 EPSS
Exploits 0 | References 1

Vulnrichment
added 2019/10/02 7:6 p.m. | 10 views

CVE-2019-12686 Cisco Firepower Management Center SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

8.8 CVSS | 8.1 AI score | 0.00897 EPSS
Exploits 0 | References 1

Vulnrichment
added 2019/10/02 7:6 p.m. | 7 views

CVE-2019-12685 Cisco Firepower Management Center SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

8.8 CVSS | 8.1 AI score | 0.00897 EPSS
Exploits 0 | References 1

Vulnrichment
added 2019/10/02 7:6 p.m. | 9 views

CVE-2019-12683 Cisco Firepower Management Center SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

8.8 CVSS | 8.1 AI score | 0.00897 EPSS
Exploits 0 | References 1