19 matches found
EUVD-2020-25297
Malware in sbrugna...
EUVD-2017-16788
Malware in sbrugna...
SQL Injection
propel/propel is vulnerable to SQL Injection. The vulnerability is due to a lack of implicit integer cast of the limit input, which allows an attacker to execute malicious SQL...
PT-2024-40171 · Propel · Propel
Name of the Vulnerable Software and Affected Versions: Propel versions 1.x through 3.x. Description: The limit query method in Propel is susceptible to catastrophic SQL injection when used with MySQL. This occurs due to a lack of integer casting of the limit input in either...
PT-2024-40133 · Doctrine · Doctrine
Name of the Vulnerable Software and Affected Versions: Doctrine versions 1.2.3 and earlier for PostgreSQL and DB2 Dialects; Doctrine versions 2.0.2 and earlier. Description: The issue affects the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function, which does not cast input values for...
SUSE CVE-2020-4032
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2...
Denial Of Service (DoS)
freerdp is vulnerable to denial of service (DoS). The vulnerability exists in FreeRDP before version 2.1.2, where there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected...
CVE-2020-4032
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. Mitigation: Do not run the freerdp client with the +glyph-cache and /relax-order-checks options...
CVE-2020-4032
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2...
CVE-2020-4032
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2...
Design/Logic Flaw
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2...
UBUNTU-CVE-2020-4032
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2...
CVE-2020-4032
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2...
CVE-2020-4032 Integer casting vulnerability in `update_recv_secondary_order` in FreeRDP
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2...
CVE-2020-4032
CVE-2020-4032 affects FreeRDP prior to 2.1.2, where an integer casting vulnerability occurs in update_recv_secondary_order. All clients with +glyph-cache or /relax-order-checks are affected. The issue is fixed in version 2.1.2. The connected sources consistently describe this as a vulnerability i...
CVE-2020-4032
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2...
SQL injection possible with limit() on MySQL
The limit query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: `UserQuery::create()->limit('1;DROP TABLE users')->find();` This will drop the users table! The cause appears to be a lack of integer casting of the limit input in either...
Command Injection
pidusage is vulnerable to command injection. Unsanitized input is passed to child_process.exec, resulting in command injection in the ps method. This happens because the pid is never cast to an integer, as the code expects. Windows and Linux are not vulnerable but Darwin, SunOS, FreeBSD, and AIX are...
WordPress LeagueManager Plugin 3.8 - SQL Injection
LeagueManager plugin is prone to an SQL injection that exists in the "league_id" parameter of a function call made by the leaguemanager_export page. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit...