14 matches found
EUVD-2021-21875
Malware in sbrugna...
SQL Injection
NHibernate is vulnerable to SQL injection. The vulnerability is due to the lack of proper validation/sanitization of some types implemented from ILiteralType.ObjectToSQLString, allowing attackers to exploit mappings with discriminator values, HQL queries referencing static fields, and the use of...
CVE-2024-39677
NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...
CVE-2024-39677
NHibernate (.NET) has a SQL injection vulnerability affecting certain implementations of ILiteralType.ObjectToSQLString. Exposed scenarios include: discriminator-based inheritance mappings, HQL queries referencing static application fields, and use of SqlInsertBuilder/SqlUpdateBuilder AddColumn o...
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Impact A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes: - Mappings using inheritance with discriminator values: - The discriminator value could be written in the mapping in a...
CVE-2023-37472
Knowage is an open source suite for business analytics. The application often uses user-supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...
Sql injection
Knowage is an open source suite for business analytics. The application often uses user-supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...
CVE-2023-37472 Query injection in Knowage server
Knowage is an open source suite for business analytics. The application often uses user-supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...
CVE-2023-37472 Query injection in Knowage server
Knowage is an open source suite for business analytics. The application often uses user-supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...
SolarWinds Web Help Desk <= 12.7.6 Arbitrary Code Execution
The version of SolarWinds Web Help Desk installed on the remote host is prior to or equal to 12.7.6. It is, therefore, affected by an arbitrary code execution vulnerability. Through hard-coded credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary...
CVE-2021-35232
Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...
Hardcoded credentials
Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...
CVE-2021-35232 Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries
Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...
CVE-2021-35232
CVE-2021-35232 affects SolarWinds Web Help Desk versions up to and including 12.7.6. It arises from hard-coded credentials that permit a local attacker with access to the Web Help Desk host to execute arbitrary HQL queries against the database, enabling theft of user password hashes or insertion ...