1985 matches found

NVD
added 2024/11/12 7:15 p.m. · 24 views

CVE-2024-49042

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability...

7.2 CVSS · 0.01175 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2024/11/08 12:0 a.m. · 2 views

The vulnerability of the Oracle Database RDBMS Security component of the Oracle Database Server system allows a perpetrator to gain full control over the system.

The vulnerability of the Oracle Database RDBMS Security component of the Oracle Database Server lies in errors during privilege management. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full control over the system using the Oracle Net protocol...

9 CVSS · 7.4 AI score · 0.00529 EPSS
Exploits 0 · References 3 · Affected Software 1
Imperva Blog
added 2024/11/07 11:3 p.m. · 10 views

Imperva: A Leader in WAAP

Imperva – a Thales company and leading provider of Web Application and API Protection (WAAP) solutions, is a force to be reckoned with in the cybersecurity landscape. Our comprehensive approach to security, encompassing database security, enterprise application security, bot management, DDoS...

7.3 AI score
Exploits 0
Cvelist
added 2024/11/07 5:59 p.m. · 13 views

CVE-2024-51993 Password is stored in clear in the database in Combodo iTop

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their...

3.4 CVSS · 0.0011 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/11/07 5:59 p.m. · 8 views

CVE-2024-51993 Password is stored in clear in the database in Combodo iTop

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their...

3.4 CVSS · 3.9 AI score · 0.0011 EPSS
Exploits 0 · References 1
Veracode
added 2024/11/07 7:47 a.m. · 11 views

SQL Injection

Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input sanitization in the /curd/table/list endpoint, which allows attackers to inject arbitrary SQL queries into the database...

9.8 CVSS · 7.6 AI score · 0.00542 EPSS
Exploits 1 · References 1 · Affected Software 1
RedHat Linux
added 2024/11/05 5:49 p.m. · 2 views

python-django: Potential SQL injection in QuerySet.values() and values_list()

A flaw was found in Django. The QuerySet.values and QuerySet.values_list methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...

9.8 CVSS · 7.1 AI score · 0.01227 EPSS
Exploits 0 · References 5
Cvelist
added 2024/11/05 3:20 p.m. · 27 views

CVE-2023-29119 Unauthorized SQLite Injection

Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php...

9.6 CVSS · 0.00326 EPSS
Exploits 0 · References 1
NVD
added 2024/10/26 3:15 a.m. · 13 views

CVE-2024-9475

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the orderby parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the...

7.2 CVSS · 0.00476 EPSS
Exploits 0 · References 2
CNVD
added 2024/10/23 12:0 a.m. · 8 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2024-42451)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause MySQL Server to hang or crash frequently and repeatedly...

4.9 CVSS · 6 AI score · 0.01022 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/10/18 12:0 a.m. · 193 views

Oracle Database Server (October 2024 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory. - Vulnerability in the Oracle Spatial and Graph libcurl2 component of Oracle Database Server. Supported versions that are affected are...

10 CVSS · 7 AI score · 0.87211 EPSS
Exploits 11 · References 32
Cvelist
added 2024/10/16 6:43 a.m. · 10 views

CVE-2016-15040 Kento Post View Counter <= 2.8 - SQL Injection

The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kentopvcgeo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

9.8 CVSS · 0.0053 EPSS
Exploits 0 · References 2
NVD
added 2024/10/15 8:15 a.m. · 10 views

CVE-2024-9982

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content...

9.8 CVSS · 0.00658 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/10/15 6:32 a.m. · 11 views

CVE-2024-9972 ChanGate Property Management System - SQL Injection

Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

9.8 CVSS · 8.4 AI score · 0.0066 EPSS
Exploits 0 · References 4
NVD
added 2024/10/15 4:15 a.m. · 17 views

CVE-2024-9971

The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents...

8.8 CVSS · 0.00626 EPSS
Exploits 0 · References 2
Cvelist
added 2024/10/14 2:48 a.m. · 22 views

CVE-2024-9921 TEAMPLUS TECHNOLOGY Team+ - SQL Injection

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents...

9.8 CVSS · 0.00699 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/09/25 3:27 a.m. · 10 views

CVE-2024-7385 WordPress Simple HTML Sitemap <= 3.1 - Authenticated (Admin+) SQL Injection

The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

9.1 CVSS · 9.1 AI score · 0.01347 EPSS
Exploits 0 · References 3
NVD
added 2024/09/25 1:15 a.m. · 14 views

CVE-2024-8436

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'editimageId' and 'editimageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

9.9 CVSS · 0.00469 EPSS
Exploits 0 · References 2
CNVD
added 2024/09/24 12:0 a.m. · 1 views

Vehicle Management edit1.php File SQL Injection Vulnerability

Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the /edit1.php file parameter sno. An attacker can exploit this vulnerability to execute illegal SQL comman...

9.8 CVSS · 8.3 AI score · 0.00663 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/09/17 12:0 a.m. · 4 views

PT-2024-29928 · Unknown · Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce versions prior to 2.11.2 Description: The issue allows an attacker who can login to the product to obtain or alter the information stored in the database. This is achieved through a SQL injection vulnerability...

8.8 CVSS · 6.7 AI score · 0.00468 EPSS
Exploits 0 · References 8