1369 matches found

CNVD
added 2020/12/15 12:0 a.m. | 2 views

OpenAsset Digital Asset Management SQL Injection Vulnerability

OpenAsset is digital asset management software for the website building industry from OpenAsset UK. OpenAsset Digital Asset Management suffers from a SQL injection vulnerability that originates from a blind remote SQL injection via authentication, which can be exploited by an attacker to gain...

CVSS 8.8 | AI score 8.1 | EPSS 0.02221
Exploits: 2 | References: 1

CNNVD
added 2020/12/11 12:0 a.m. | 5 views

Mquery Security Vulnerability

Aheckmann Mquery is a JavaScript-based codebase for efficiently generating MongoDB query statements from the individual developer Aheckmann. A security vulnerability exists in mquery lib/utils.js versions prior to 3.2.3, which allows contamination attacks because a special attribute, e.g. proto, can...

CVSS 5.3 | AI score 6 | EPSS 0.01028
Exploits: 0 | References: 6

CNVD
added 2020/12/09 12:0 a.m. | 1 views

SQL Injection Vulnerability in Kaixin Worklog System worklog

Kaixin Worklog is a B/S-based software system for building collaborative office work within the enterprise. The system is developed in ASP.NET. Worklog system worklog star SQL injection vulnerability: attackers can use the vulnerability to obtain sensitive information...

AI score 7.7
Exploits: 0

CNVD
added 2020/12/09 12:0 a.m. | 2 views

Siemens XHQ SQL Injection Vulnerability

Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A SQL injection vulnerability exists in Siemens XHQ versions prior...

CVSS 7.2 | AI score 7.9 | EPSS 0.00886
Exploits: 0 | References: 1

OSV
added 2020/12/02 10:15 p.m. | 2 views

CVE-2020-29284

The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the tableid parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?tableid= to trigger the...

CVSS 9.8 | AI score 7.4 | EPSS 0.06093
Exploits: 1 | References: 3

BDU FSTEC
added 2020/12/01 12:0 a.m. | 1 views

The vulnerability of the core server component of the PostgreSQL database management system allows attackers to influence the integrity, accessibility, and confidentiality of data.

The vulnerability of the core server component of the PostgreSQL database management system is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to influence the integrity, accessibility, and confidentiality of data...

CVSS 10 | AI score 7.3 | EPSS 0.4644
Exploits: 0 | References: 10 | Affected Software: 7

RedhatCVE
added 2020/11/23 10:14 p.m. | 20 views

CVE-2019-2392

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prio...

CVSS 6.5 | AI score 6.4 | EPSS 0.01246
Exploits: 0 | References: 3

RedhatCVE
added 2020/11/23 8:51 p.m. | 15 views

CVE-2018-20802

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3...

CVSS 6.5 | AI score 6.3 | EPSS 0.01462
Exploits: 0 | References: 3

CVE
added 2020/11/23 5:30 p.m. | 64 views

CVE-2018-20803

CVE-2018-20803 affects MongoDB Server: 4.0 prior to 4.0.5; 3.6 prior to 3.6.10; 3.4 prior to 3.4.19. Description: authenticated user can trigger a denial-of-service by sending specially crafted queries, causing an endless loop in mathematics processing while holding locks. Impact: availability de...

CVSS 6.5 | AI score 6.2 | EPSS 0.01269
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2020/11/23 5:15 p.m. | 15 views

CVE-2020-7928

A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and...

CVSS 6.5 | AI score 6.7 | EPSS 0.01412
Exploits: 0 | References: 2

NVD
added 2020/11/23 4:15 p.m. | 22 views

CVE-2018-20802

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3...

CVSS 6.5 | AI score 6.3 | EPSS 0.01462
Exploits: 0 | References: 1

NVD
added 2020/11/23 4:15 p.m. | 15 views

CVE-2019-2392

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prio...

CVSS 6.5 | AI score 6.6 | EPSS 0.01246
Exploits: 0 | References: 1

Prion
added 2020/11/23 4:15 p.m. | 14 views

Code injection

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13...

CVSS 4 | AI score 6.3 | EPSS 0.01233
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2020/11/23 4:15 p.m. | 26 views

CVE-2019-20924

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2...

CVSS 6.5 | AI score 6.6 | EPSS 0.01282
Exploits: 0 | References: 2

Debian CVE
added 2020/11/23 3:30 p.m. | 16 views

CVE-2019-20923

Removed by vendor...

CVSS 6.5 | AI score 6.5 | EPSS 0.01254
Exploits: 0

Debian CVE
added 2020/11/23 3:30 p.m. | 19 views

CVE-2019-20924

Removed by vendor...

CVSS 6.5 | AI score 6.5 | EPSS 0.01282
Exploits: 0

Debian CVE
added 2020/11/23 3:5 p.m. | 19 views

CVE-2020-7926

Removed by vendor...

CVSS 6.5 | AI score 6.5 | EPSS 0.01391
Exploits: 0

CNVD
added 2020/11/18 12:0 a.m. | 2 views

SourceCodester Water Billing System SQL Injection Vulnerability

SourceCodester Water Billing System is a water billing system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Water Billing System version 1.0, which stems from a failure of the program to properly validate user input, and allows an attacker to perform SQL injectio...

CVSS 10 | AI score 8.3 | EPSS 0.02525
Exploits: 1 | References: 1

CNVD
added 2020/11/01 12:0 a.m. | 1 views

SQL injection vulnerability in ad***.cl***.php file in the backend of MTCEO repository system

The MTCEO library system uses PHP and MySQL, is built on ThinkPHP, and takes the Baidu library template style as its basic style. A SQL injection vulnerability exists in the ad.cl.php file in the backend of the MTCEO library system. Attackers can use the vulnerability to obtain sensitive database information...

AI score 8
Exploits: 0

CNVD
added 2020/09/28 12:0 a.m. | 1 views

SQL Injection Vulnerability in JfinalOA

JfinalOA is an open source office OA system development framework. JfinalOA has a SQL injection vulnerability that an attacker can exploit to obtain sensitive database information...

AI score 7.7
Exploits: 0