48 matches found
CVE-2026-42100
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...
CVE-2026-42100
Technical details (affected products/versions, root cause, impact, mitigation) are not publicly available in the provided documents. Monitor for updates as new information may be published.
CVE-2025-36122 IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources...
CVE-2025-36122
CVE-2025-36122 affects IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.3 for Linux, UNIX and Windows (including DB2 Connect Server). An authenticated user can cause a denial of service via a specially crafted SQL query due to improper allocation of system resources when stmtheap is set to AUTOMATIC. CVSS v...
CVE-2021-36690
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...
CVE-2018-1000871
HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "idutentemod" parameter in gestioneutenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done...
Elasticsearch 7.17.21 and 8.13.3 Security Update (ESA-2024-25)
Elasticsearch allocation of resources without limits or throttling leads to crash ESA-2024-25 An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function. Affected...
CVE-2024-29729
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url...
CVE-2024-29723
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter...
CVE-2024-29724
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio...
CVE-2024-29727
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , paramete...
CVE-2024-29723 Multiple vulnerabilities in SportsNET
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter...
CVE-2024-29723 Multiple vulnerabilities in SportsNET
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter...
CVE-2024-29730 Multiple vulnerabilities in SportsNET
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;...
CVE-2024-29730 Multiple vulnerabilities in SportsNET
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;...
CVE-2024-4991
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/modpass/aksipass.php parameter in namalengkap. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it...
CVE-2024-4992 SQL injection vulnerability in SiAdmin
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/modkuliah/aksikuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it...
CVE-2024-4309
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /user/transaction.php?id=1, /user/credit-debittransaction.php?id=1,/user/viewtransaction. php?id=1 and...
CVE-2024-2590
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/selectsend.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-2585
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/selectsend2.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...