Lucene search
+L

143 matches found

ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.10 views

CVE-2022-0786

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users...

9.8CVSS5.6AI score0.12619EPSS
Exploits2References3
GithubExploit
GithubExploit
added 2022/04/03 2:28 p.m.3 views

isic.lk-RCE

Usage python exp.py http://localhost/isic !image-20...

8.4AI score
Exploits0
NVD
NVD
added 2021/11/08 6:15 p.m.20 views

CVE-2021-24840

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...

5.3CVSS0.01131EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/10/14 12:0 a.m.3 views

Huntflow Enterprise 注入漏洞

Huntflow Enterprise is an efficient recruitment software from the Russian company Huntflow. Huntflow Enterprise suffers from an injection vulnerability that stems from an LDAP injection vulnerability in /account/login in Huntflow Enterprise prior to version 3.10.6 that could allow an...

7.5CVSS7.5AI score0.01466EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2021/10/11 12:0 a.m.18 views

Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure

The theme allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request. PoC POST /wp-json/csco/v1/more-posts Accept:...

5.3CVSS2.3AI score0.01131EPSS
Exploits2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/04/21 12:0 a.m.5 views

The vulnerability of the Grafana data processing web tool, related to server-side manipulation of queries, allows attackers to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Grafana data processing web tool is related to server-side manipulation of queries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...

8.2CVSS6.3AI score0.99856EPSS
Exploits5References12Affected Software3
Github Security Blog
Github Security Blog
added 2021/02/02 3:47 p.m.165 views

Unexpected database bindings

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

1AI score
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2020/09/22 12:0 a.m.7 views

PT-2020-16096

Name of the Vulnerable Software and Affected Versions PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 Description The issue concerns SQL Injection via the "zms/animal-detail.php" endpoint. This allows for potential manipulation of database queries. Recommendations For PHPGURUKUL...

7.8CVSS7.1AI score0.00508EPSS
Exploits1References7
Kitploit
Kitploit
added 2020/06/23 9:30 p.m.66 views

InQL - A Burp Extension For GraphQL Security Testing

A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. InQL Stand-Alone CLI Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order fetch metadata...

7.2AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/06/17 12:0 a.m.9 views

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to improper elimination of special elements used in SQL commands, allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment is related to the improper elimination of special elements used in SQL queries. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...

7.6CVSS7.2AI score0.01015EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2020/01/27 4:15 p.m.35 views

Sql injection

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...

7.5CVSS8AI score0.04363EPSS
Exploits0References7Affected Software2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.44 views

Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2018-1058)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3CVSS7.2AI score0.06905EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2019/07/25 12:0 a.m.31 views

Ruby on Rails Query Manipulation Vulnerability (Feb 2013)

Ruby on Rails is prone to a query manipulation vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...

6.4CVSS6.7AI score0.01946EPSS
Exploits2References2
NVD
NVD
added 2019/05/06 4:29 p.m.27 views

CVE-2019-3797

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

5.3CVSS4.3AI score0.01087EPSS
Exploits0References1
CNVD
CNVD
added 2019/03/14 12:0 a.m.4 views

Joomla Component XMap SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla component XMap. The flaw is due to input passed to 'index.php' via the 'view=' and 'itemID=' parameters failing to be properly filtered before being used in SQL queries. An attacker could...

8.1AI score
Exploits0References1
Prion
Prion
added 2018/07/31 2:29 p.m.19 views

Sql injection

SQL injection vulnerability in the "Users management" functionality in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...

9CVSS8.7AI score0.01536EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:22 p.m.27 views

Security Bulletin: Multiple Vulnerabilities fixed in IBM Security Identity Manager Virtual Appliance ( CVE-2014-6106, CVE-2014-6108, CVE-2014-6109, CVE-2014-6111, CVE-2014-6112 )

Summary Multiple Vulnerabilities fixed in IBM Security Identity Manager versions 5.1, 6.0, and 7.0 Vulnerability Details CVE-ID: CVE-2014-6106 Description: IBM Security Identity Manager is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuadin...

8.8CVSS0.6AI score0.01874EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/02/28 12:0 a.m.2 views

UBUNTU-CVE-2018-1058

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...

8.8CVSS7AI score0.14142EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2018/02/26 9:32 p.m.6 views

OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)

It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...

4.3CVSS7.4AI score0.03435EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/01/22 8:40 p.m.5 views

OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)

It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...

4.3CVSS7.4AI score0.03435EPSS
Exploits0References4
Rows per page
Query Builder