5 matches found
CVE-2023-29047
The CVE-2023-29047 entry concerns Open-Xchange App Suite’s Imageconverter API endpoints, where input validation and sanitization were insufficient, allowing SQL injection. Affected software component: Imageconverter API endpoints (Open-Xchange App Suite). Root cause: inadequate client input valid...
SQLInjection in FileContentProvider.kt - ownCloud
Due to some insecure code in an exported content provider, an attacker with local access could retrieve information from the ownCloud app database through SQL injection...
Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (2)
No description provided by source. Source: http://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTION_NAME' parameter is vulnerable. Packages that employ this parameter...
CVE-2012-2146
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
Oracle 9i/10g ACTIVATE_SUBSCRIPTION - SQL Injection (2)
Oracle 9i/10g ACTIVATE_SUBSCRIPTION - SQL Injection (2) #!/usr/bin/perl Remote Oracle DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION exploit 9i/10g - Version 2 - New "evil cursor injection" tip! - No "create procedure" privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke db...