33 matches found

SUSE CVE
added 2023/02/15 6:6 a.m. | 1 view

SUSE CVE-2008-4865

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE i...

7.2 CVSS | 7.3 AI score | 0.00145 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2021/12/16 4:38 p.m. | 1 view

postgresql: server processes unencrypted bytes from man-in-the-middle

It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands...

8.1 CVSS | 6.9 AI score | 0.00193 EPSS
Exploits: 0 | References: 4
OSV
added 2020/05/08 12:15 p.m. | 2 views

CVE-2020-12014

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands...

7.5 CVSS | 5.8 AI score | 0.00333 EPSS
Exploits: 0 | References: 2
NVD
added 2019/11/14 12:15 a.m. | 12 views

CVE-2019-3661

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads...

8.8 CVSS | 8.4 AI score | 0.00172 EPSS
Exploits: 0 | References: 1
CNVD
added 2019/07/25 12:0 a.m. | 1 view

ZZCMS SQL Injection Vulnerability (CNVD-2019-24373)

ZZCMS is a content management system CMS by the ZZCMS team in China. A SQL injection vulnerability exists in ZZCMS 8.3 and earlier versions. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this...

9.8 CVSS | 8.2 AI score | 0.00621 EPSS
Exploits: 1 | References: 1
CNVD
added 2018/05/21 12:0 a.m. | 1 view

OpenEMR Arbitrary SQL Command Execution Vulnerability

OpenEMR is an open source medical management system maintained by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A security vulnerability exists in the interface\super\editlist.php file ...

8.8 CVSS | 8.1 AI score | 0.25248 EPSS
Exploits: 0 | References: 1
CNVD
added 2016/09/23 12:0 a.m. | 1 view

MuM MapEdit has multiple vulnerabilities

MuM MapEdit is software that provides data to the Internet and intranet to facilitate community and government infrastructure. MapEdit version 3.2.6.0 suffers from arbitrary file upload, arbitrary file download, and arbitrary SQL command execution vulnerabilities, which can be exploited by...

8.5 AI score
Exploits: 0 | References: 1
VulnCheck KEV
added 2012/03/12 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2012-1557

SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU2, 9.x before 9.5 MU11, 10.0.x before MU13, 10.1.x before MU22, 10.2.x before MU16, and 10.3.x before MU5 allows remote attackers to execute arbitrary SQL commands via unspecified...

7.5 CVSS | 6.2 AI score | 0.00928 EPSS
Exploits: 0 | References: 1
htbridge
added 2010/07/22 12:0 a.m. | 31 views

Multiple Vulnerabilities in BXR

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BXR which could be exploited to perform cross-site scripting, cross-site request forgery and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in BXR 1.1 The vulnerability exists due to input...

7.5 CVSS | 7.6 AI score | 0.01527 EPSS
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2009/09/23 12:0 a.m. | 8 views

Database Command Detection

Binary data 7019.pasl...

7.3 AI score
Exploits: 0
Exploit DB
added 2003/10/06 12:0 a.m. | 53 views

JBoss 3.0.8/3.2.1 - HSQLDB Remote Command Injection

source: https://www.securityfocus.com/bid/8773/info A remote command-injection vulnerability has been reported in JBoss. The issue is reportedly exposed via the HSQLDB component, which is a SQL database server that manages JMS connections. Because of a number of flaws, an attacker can pass comman...

7 AI score
Exploits: 0
Exploit DB
added 2003/04/22 12:0 a.m. | 24 views

OpenBB 1.0/1.1 - 'index.php' SQL Injection

source: https://www.securityfocus.com/bid/7401/info It has been reported that OpenBB does not properly check input passed via the 'index.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the bulletin board software. The consequenc...

7.4 AI score
Exploits: 0
exploitpack
added 2003/04/22 12:0 a.m. | 13 views

OpenBB 1.01.1 - index.php SQL Injection

OpenBB 1.01.1 - index.php SQL Injection source: https://www.securityfocus.com/bid/7401/info It has been reported that OpenBB does not properly check input passed via the 'index.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the...

Exploits: 0