28 matches found
Design/Logic Flaw
The "Sql Run Query" panel in WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOADFILE in an INSERT statement...
CVE-2014-8336
The WP-DBManager WordPress plugin (pre-2.7.2) contains a vulnerability in the Sql Run Query panel that allows remote read of arbitrary files by exploiting insufficient query restriction, demonstrated via LOAD_FILE in an INSERT statement. Affected product: WP-DBManager plugin for WordPress. Impact...
CVE-2014-8336
The "Sql Run Query" panel in WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOADFILE in an INSERT statement...
Sql injection
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLANALL ON protecti...
CVE-2017-9246
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLANALL ON protecti...
嘉缘人才系统sql注入#3
简要描述: 求20rank 详细说明: 首先看到frcms\member\requireslist.php if$do=="savedata" if$POST'id'=="" $POST'sid'=intval$Memberid; $POST'member'=getcookie'userlogin'; $POST'school'=getcookie'username'; ifempty$POST'title' showmsg'标题不能为空!','-1';exit; $POST'adddate'=date'Y-m-d H:i:s';...
Microsoft SQL Server INSERT Statement Buffer Overflow (MS08-040; CVE-2008-0106)
Microsoft SQL Server is a popular relational database management system RDBMS. Microsoft SQL Server can be administered programmatically using system stored procedures, or through Distributed Management Objects DMO. Its primary query language is Transact-SQL, an implementation of the ANSI/ISO...
Buffer overflow
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement...