
35 matches found

RedhatCVE
added 2025/05/23 7:41 a.m., 3 views

CVE-2024-55586

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior...

CVSS 9.8, AI score 7.8, EPSS 0.00531
Exploits: 0, References: 1

OSV
added 2025/03/10 8:13 a.m., 15 views

BIT-DJANGO-2024-53908

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

CVSS 9.8, AI score 7.9, EPSS 0.01396
Exploits: 0, References: 4

Github Security Blog
added 2024/12/10 3:32 p.m., 12 views

Withdrawn Advisory: Nette Database SQL injection

Withdrawn Advisory: This advisory has been withdrawn as it was reported in error. This link is maintained to preserve external references. Original Description: Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where...

CVSS 9.8, AI score 9.8, EPSS 0.00531
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2024/12/06 12:15 p.m., 17 views

CVE-2024-53908

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

CVSS 9.8, EPSS 0.01396
Exploits: 0, References: 3

Vulnrichment
added 2024/08/29 9:45 a.m., 17 views

CVE-2024-29724 Multiple vulnerabilities in SportsNET

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio...

CVSS 9.8, AI score 9.8, EPSS 0.00408
Exploits: 0, References: 1

CVE
added 2023/10/19 6:22 p.m., 63 views

CVE-2023-45825

CVEs and affected software: The issue affects ydb-go-sdk (Go native and database/sql driver for YDB) in versions from v3.48.6 up to v3.53.2. Root cause and impact: If a custom credentials object (implementing the Credentials interface) is logged via an error message, the object could be serialize...

CVSS 5.5, AI score 5.1, EPSS 0.00219
Exploits: 0, References: 4, Affected Software: 1

Microsoft CVE
added 2022/10/11 7:0 a.m., 114 views

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

CVSS 8.8, AI score 8.7, EPSS 0.01476
Exploits: 0

Tenable Nessus
added 2020/09/14 12:0 a.m., 35 views

openSUSE Security Update : go1.14 (openSUSE-2020-1407)

This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs bsc1174977. - go1.14.6 released 2020-07-16 includes fixes to the go command, the compiler, the linker, vet...

CVSS 7.5, AI score 6.7, EPSS 0.04692
Exploits: 0, References: 10

Tenable Nessus
added 2020/07/28 12:0 a.m., 37 views

openSUSE Security Update : go1.13 (openSUSE-2020-1095)

This update for go1.13 fixes the following issues : - go1.13.14 released 2020/07/16 includes fixes to the compiler, vet, and the database/sql, net/http, and reflect packages Refs bsc1149259 go1.13 release tracking - go39925 net/http: panic on misformed If-None-Match Header with http.ServeContent ...

CVSS 5.9, AI score 6.5, EPSS 0.02893
Exploits: 0, References: 7

OSV
added 2020/07/27 12:20 p.m., 4 views

OPENSUSE-SU-2020:1095-1 Security update for go1.13

This update for go1.13 fixes the following issues: - go1.13.14 released 2020/07/16 includes fixes to the compiler, vet, and the database/sql, net/http, and reflect packages Refs bsc1149259 go1.13 release tracking go39925 net/http: panic on misformed If-None-Match Header with http.ServeContent...

CVSS 5.9, AI score 6.3, EPSS 0.02893
Exploits: 0, References: 8

OPENSUSE Linux
added 2020/07/27 12:0 a.m., 59 views

Security update for go1.13 (important)

openSUSE Security Update: Security update for go1.13 Announcement ID: openSUSE-SU-2020:1095-1 Rating: important References: 1149259 1169832 1172868 1174153 1174191 Cross-References: CVE-2020-14039 CVE-2020-15586 Affected Products: openSUSE Leap 15.2 An update that solves two vulnerabilities and h...

CVSS 5.9, AI score 7.4, EPSS 0.02893
Exploits: 0, References: 5

OPENSUSE Linux
added 2020/07/26 12:0 a.m., 49 views

Security update for go1.13 (important)

openSUSE Security Update: Security update for go1.13 Announcement ID: openSUSE-SU-2020:1087-1 Rating: important References: 1149259 1169832 1172868 1174153 1174191 Cross-References: CVE-2020-14039 CVE-2020-15586 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and h...

CVSS 5.9, AI score 7.4, EPSS 0.02893
Exploits: 0, References: 5

seebug.org
added 2014/10/02 12:0 a.m., 21 views

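CuuMall latest version: one SQL injection

Brief description: One SQL injection in the latest version of CuuMall. Details: It feels like either someone has tampered with the files on CuuMall's official site or this is simply a bug in itself. Enough said, let's look straight at the code: DetailsAction.class.php282-313 public function addpru $coo = new Cookie ; if $coo-isset c "GUESTCOOK" ."mall-m-name" $this-assign "waitSceond", 3 ; $this-assign "jumpUrl", "APP/Home/login" ; $this-error "请登录后收藏商品" ; ex...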

AI score 7.1
Exploits: 0

exploitpack
added 2010/02/11 12:0 a.m., 25 views

J.A.G (Just Another Guestbook) 1.14 - Database Disclosure

J.A.G Just Another Guestbook 1.14 - Database Disclosure Software Link: http://www.xs4all.nl/crisp/jag/jag.zip Version: v1.14 Tested on: Windows xp sp3 ...

AI score 7.4
Exploits: 0

NVD
added 2006/01/18 11:3 a.m., 35 views

CVE-2006-0260

Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in th...

CVSS 10, AI score 7.4, EPSS 0.04724
Exploits: 1, References: 12