143 matches found
CVE-2022-0786
The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users...
isic.lk-RCE
Usage python exp.py http://localhost/isic !image-20...
CVE-2021-24840
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...
Huntflow Enterprise 注入漏洞
Huntflow Enterprise is an efficient recruitment software from the Russian company Huntflow. Huntflow Enterprise suffers from an injection vulnerability that stems from an LDAP injection vulnerability in /account/login in Huntflow Enterprise prior to version 3.10.6 that could allow an...
Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure
The theme allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request. PoC POST /wp-json/csco/v1/more-posts Accept:...
The vulnerability of the Grafana data processing web tool, related to server-side manipulation of queries, allows attackers to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Grafana data processing web tool is related to server-side manipulation of queries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...
Unexpected database bindings
This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...
PT-2020-16096
Name of the Vulnerable Software and Affected Versions PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 Description The issue concerns SQL Injection via the "zms/animal-detail.php" endpoint. This allows for potential manipulation of database queries. Recommendations For PHPGURUKUL...
InQL - A Burp Extension For GraphQL Security Testing
A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. InQL Stand-Alone CLI Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order fetch metadata...
The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to improper elimination of special elements used in SQL commands, allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment is related to the improper elimination of special elements used in SQL queries. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...
Sql injection
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...
Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2018-1058)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ruby on Rails Query Manipulation Vulnerability (Feb 2013)
Ruby on Rails is prone to a query manipulation vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...
CVE-2019-3797
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...
Joomla Component XMap SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla component XMap. The flaw is due to input passed to 'index.php' via the 'view=' and 'itemID=' parameters failing to be properly filtered before being used in SQL queries. An attacker could...
Sql injection
SQL injection vulnerability in the "Users management" functionality in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...
Security Bulletin: Multiple Vulnerabilities fixed in IBM Security Identity Manager Virtual Appliance ( CVE-2014-6106, CVE-2014-6108, CVE-2014-6109, CVE-2014-6111, CVE-2014-6112 )
Summary Multiple Vulnerabilities fixed in IBM Security Identity Manager versions 5.1, 6.0, and 7.0 Vulnerability Details CVE-ID: CVE-2014-6106 Description: IBM Security Identity Manager is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuadin...
UBUNTU-CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...
OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...
OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...