
40 matches found

BDU FSTEC
added 2024/07/23 12:0 a.m. · 1 views

The vulnerability of the DataSource Manager module of the Apache Linkis application connection, management, and orchestration software allows an attacker to execute arbitrary code.

The vulnerability of the DataSourceManager module in the Apache Linkis application connection, management, and orchestration software is related to the lack of effective parameter filtering. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting JNDI...

9 CVSS · 6 AI score · 0.00708 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/06/21 12:0 a.m. · 2 views

PT-2024-37123 · Icegram Express · Email Subscribers

Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin versions up to, and including, 5.7.23 Description: The issue is related to time-based SQL Injection via the db parameter due to...

9.8 CVSS · 8.1 AI score · 0.00891 EPSS
Exploits 0 · References 8

CNNVD
added 2024/04/20 12:0 a.m. · 1 views

Byzro Networks Smart S80 Management Platform Code Issue Vulnerability

Byzro Networks Smart S80 is an Internet behavior management product from Byzro Networks. A code issue vulnerability exists in Byzro Networks Smart S80 Management Platform, which originates from /importhtml.php containing an unknown function that causes deserialization via the parameter sql...

6.5 CVSS · 7.2 AI score · 0.00022 EPSS
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 6:15 a.m. · 1 views

SUSE CVE-2006-2418

Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts...

6.8 CVSS · 6.2 AI score · 0.0368 EPSS
Exploits 0 · References 4

Veracode
added 2023/02/06 4:56 a.m. · 15 views

SQL Injection

froxlor/froxlor is vulnerable to SQL Injection. The vulnerability exists in the Database parameter in errorreport.php due to improperly validated parameters, allowing a remote attacker to inject arbitrary SQL commands...

5.3 CVSS · 7.4 AI score · 0.00241 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2022/08/19 3:15 p.m. · 2 views

CVE-2022-36606

Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1

Positive Technologies
added 2022/08/19 12:0 a.m. · 4 views

PT-2022-23502 · Ywoa · Ywoa

Name of the Vulnerable Software and Affected Versions: Ywoa versions prior to 6.1 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the "/oa/setup/checkPool?database" API endpoint. The estimated number of potentially affected devices...

9.8 CVSS · 9.5 AI score · 0.00334 EPSS
Exploits 1 · References 4

OSV
added 2019/08/27 5:15 p.m. · 1 views

DEBIAN-CVE-2019-13274

In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter...

6.1 CVSS · 6.5 AI score · 0.00248 EPSS
Exploits 0 · References 1

OSV
added 2019/08/27 5:15 p.m. · 0 views

UBUNTU-CVE-2019-13274

In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter...

6.1 CVSS · 6.7 AI score · 0.00248 EPSS
Exploits 0 · References 3

seebug.org
added 2014/07/01 12:0 a.m. · 20 views

Firebird Relational Database isc_create_database() Buffer Overflow

No description provided by source. $Id: fbisccreatedatabase.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

7.1 AI score
Exploits 0

Exploit DB
added 2010/09/20 12:0 a.m. · 25 views

MaxDB WebDBM - 'Database' Remote Overflow (Metasploit)

$Id: maxdbwebdbmdatabase.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

10 CVSS · 7 AI score · 0.80456 EPSS
Exploits 7

OSV
added 2009/12/23 6:30 p.m. · 4 views

UBUNTU-CVE-2009-3582

Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a VendorsReportsSearch search operation...

6.5 CVSS · 6.2 AI score · 0.00529 EPSS
Exploits 2 · References 2

seebug.org
added 2009/08/10 12:0 a.m. · 11 views

Mini-CMS 1.0.1 (page.php id) SQL Injection Vulnerability

No description provided by source. Mini-CMS 1.0.1 SQL injection...

7.1 AI score
Exploits 0

UbuntuCve
added 2007/05/22 7:30 p.m. · 25 views

CVE-2007-2808

Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter...

4.3 CVSS · 6.1 AI score · 0.00537 EPSS
Exploits 0 · References 1

NVD
added 2007/05/22 7:30 p.m. · 22 views

CVE-2007-2808

Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter...

4.3 CVSS · 5.6 AI score · 0.00537 EPSS
Exploits 0 · References 8

CVE
added 2007/05/22 7:0 p.m. · 54 views

CVE-2007-2808

CVE-2007-2808 affects gnatsweb/gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99, where inadequate sanitization of the database parameter in the main CGI script allows remote XSS via arbitrary HTML/script. Debian's DSA-1486-1 notes the fix in gnatsweb 4.00-1etch1, indicating remediation by upgrading ...

4.3 CVSS · 5.5 AI score · 0.00537 EPSS
Exploits 0 · References 8 · Affected Software 2

OSV
added 2007/01/19 2:28 a.m. · 1 views

DEBIAN-CVE-2006-6943

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/checklang.php and (b) themes/darkblueorange/layout.inc.php; and via the (1) lang, (2) target, (3) db, (4) goto, (5) table, and (6) tblgroup array arguments to (c) index.php, and the (7) back argument t...

5 CVSS · 7 AI score · 0.1154 EPSS
Exploits 0 · References 1

OSV
added 2006/05/16 10:2 a.m. · 2 views

DEBIAN-CVE-2006-2418

Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts...

6.8 CVSS · 6 AI score · 0.0368 EPSS
Exploits 0 · References 1

NVD
added 2004/08/06 4:0 a.m. · 13 views

CVE-2004-0665

csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message...

5 CVSS · 6.5 AI score · 0.05247 EPSS
Exploits 1 · References 4

NVD
added 2002/10/04 4:0 a.m. · 11 views

CVE-2002-0922

CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb...

5 CVSS · 6.3 AI score · 0.0707 EPSS
Exploits 1 · References 5