Sql injection

SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...

CVE-2022-47072

CVE-2022-47072 affects Sparx Systems Enterprise Architect 16.0.1605 (32-bit). The vulnerability is a SQL injection in the Find parameter of the Select Classifier dialog box, enabling execution of arbitrary SQL commands. Root cause: unsafely handling user-controlled input in the dialog’s Find para...

CVE-2022-47072

SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...

CVE-2022-47072

SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...

PT-2024-11748 · Sparx Systems · Enterprise Architect

Name of the Vulnerable Software and Affected Versions: Enterprise Architect version 16.0.1605 Description: The issue allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box. This can be exploited by attackers to execute unauthorized SQL queries...

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

PT-2023-8167 · Voltronic Power · Voltronic Power Viewpower

Name of the Vulnerable Software and Affected Versions: Voltronic Power ViewPower Pro affected versions not specified Description: The issue is related to the selectDeviceListBy method of the Voltronic Power ViewPower Pro software, which does not properly validate user-supplied input for SQL...

victorericselect.com Improper Access Control vulnerability OBB-3815255

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Cross-site Scripting in @spscommerce/ds-react

Impact XSS, anyone using the SPS Select with options prop populated from user input is impacted. If these options are stored, then it could have been a stored XSS. Patches The code has been patched for version 7 of woodland. Users should upgrade to 7.17.4 or higher Workarounds This is not...

GHSA-CFXH-FRX4-9GJG Cross-site Scripting in @spscommerce/ds-react

Impact XSS, anyone using the SPS Select with options prop populated from user input is impacted. If these options are stored, then it could have been a stored XSS. Patches The code has been patched for version 7 of woodland. Users should upgrade to 7.17.4 or higher Workarounds This is not...

PT-2023-33008 · Woodland · Woodland

Name of the Vulnerable Software and Affected Versions: woodland versions prior to 7.17.4 Description: The issue affects users of the SPS Select component when the options prop is populated from user input, potentially leading to XSS attacks. If these options are stored, it could result in a store...

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

CVE-2023-49494

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component selectmediapostwangEditor.php...

CVE-2023-49494

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component selectmediapostwangEditor.php...

Cross site scripting

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component selectmediapostwangEditor.php...

PT-2023-31247 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111 Description: A reflective cross-site scripting XSS issue was discovered in DedeCMS via the component select media post wangEditor.php. This allows for potential XSS attacks. Recommendations: For DedeCMS version 5.7.111...

Desdev DedeCMS Security Breach

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...

CVE-2023-48947

An issue in the chacmp function of openlink virtuoso-opensource allows attackers to cause a Denial of Service DoS after running a SELECT statement...