133 matches found
CVE-2018-16353
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter...
CVE-2018-16354
CVE-2018-16354 affects FHCRM (free/open source product management system). The connected CNVD/CVE records describe a SQL injection vulnerability exposed by the index.php/User/read limit parameter, with attackers potentially executing arbitrary SQL commands. FHCRM versions up to 2018-02-11 are imp...
CVE-2016-9490
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also...
CVE-2016-10550
The CVE-2016-10550 issue affects sequelize (ORM for Node.js) where user input into limit or order parameters can be used to inject SQL. Concrete details across documents show affected version: 3.16.0 and earlier. Root cause is improper handling of input in query construction, enabling SQL stateme...
UBUNTU-CVE-2016-10204
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php...
CVE-2010-5003
SQL injection vulnerability in the AutarTimonial comautartimonial component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information...
CVE-2009-5024
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...
CVE-2009-5024
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...
CVE-2009-3486
Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to 1 the pinghost program, reachable through the diagnose program; or 2 the traceroute program, reachab...
DEBIAN-CVE-2008-4094
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
CVE-2008-4094
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
PT-2004-3257 · Phpx · Phpx
Name of the Vulnerable Software and Affected Versions: PHPX versions 3.0 through 3.2.6 Description: The issue allows remote attackers to conduct cross-site scripting XSS attacks via hex-encoded tags. This is achieved by bypassing the check for literal "", "", and "" characters in the checkURI...
PT-2004-3256 · Phpx · Phpx
Name of the Vulnerable Software and Affected Versions: PHPX versions 3.2.6 and earlier Description: The issue allows remote attackers to obtain the physical path of PHPX by providing a null or invalid value in the limit parameter. This results in the pathname being leaked in a database error...