17 matches found
ROS-20260407-73-0007
A vulnerability in the sizelimitmb function of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
EUVD-2017-0265
Malware in sbrugna...
EUVD-2019-0732
Malware in sbrugna...
SQL Injection
laravel/framework is vulnerable to SQL Injection. The vulnerability is due to user input passed directly to the limit and offset functions in SQL Server, resulting in SQL injection...
SQL Injection
illuminate/database is vulnerable to SQL injection. The vulnerability exists through the lack of sanitization and direct use of user-provided query via the limit and offset functions...
GHSA-68WG-QV6R-J4VP SQL Injection in usmanhalalit/pixie
Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit function due to improper sanitization...
SQL Injection in usmanhalalit/pixie
Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit function due to improper sanitization...
SQL Injection
Pixie is vulnerable to SQL injection. The attack is possible because it does not sanitize the parameter to the limit function, allowing an attacker to inject and execute malicious SQL script through it...
Pixie SQL Injection Vulnerability
Pixie is a PHP-oriented database query generator. A SQL injection vulnerability exists in the limit function in Pixie, which can be exploited by attackers to conduct SQL injection attacks...
CVE-2019-10766
Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit function due to improper sanitization...
CVE-2019-10766
Summary (CVE-2019-10766): Pixie, a PHP-oriented database query generator, has a vulnerability in the limit() function due to improper sanitization. Versions affected are Pixie 1.0.x before 1.0.3 and Pixie 2.0.x before 2.0.2. The provided documents describe this as a SQL injection risk but do n...
GHSA-JMM9-2P29-VH2W activerecord vulnerable to SQL Injection
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument...
vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection
vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection Exploit Title: vBulletin vBSSO Single Sign-On – = 1.4.15 This plugin is vulnerable to SQL injection at the /vbsso/avatar.php file in the fetchUserinfo function. It requires a big UNION ALL SELECT query and commenting out the LIMIT function of...
CVE-2011-0448
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument...
CVE-2004-1466
The settimelimit function in Gallery before 1.4.4p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using savephotos.php, which allows remote attackers to upload and execute arbitrary scripts before they are deleted, if the temporary directo...
Gallery 1.4.4 - Remote Server-Side Script Execution
Gallery 1.4.4 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10968/info A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the...
SQL Server LIMIT / OFFSET SQL Injection
Impact: Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches: This problem has been patched on Laravel...