35 matches found
CVE-2023-49429
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules...
CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
EUVD-2015-5419
Malware in sbrugna...
EUVD-2010-0171
Malware in sbrugna...
EUVD-2023-53394
Malicious code in bioql PyPI...
CVE-2021-3817
wbcecms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
CVE-2025-39569
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in taskbuilder Taskbuilder taskbuilder allows Blind SQL Injection.This issue affects Taskbuilder: from n/a through = 4.0.1...
BIT-DOLIBARR-2022-0224 SQL Injection in dolibarr/dolibarr
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
CVE-2024-27940
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database...
PT-2024-26265 · Likeshop · Likeshop
Name of the Vulnerable Software and Affected Versions: Likeshop versions prior to 2.5.7 Description: The issue allows attackers to run arbitrary SQL commands via the OrderLogic::getOrderList function, which can be exploited at the "/admin/order/lists.html" endpoint. Recommendations: For versions...
CVE-2023-50842
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1...
Debian: Security Advisory (DLA-152)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
Command injection
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
--coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99 Tested on: 2.4.97 CVE: CVE-2018-19908...
KomSeo Cart 1.3 SQL Injection
Exploit Title: KomSeo Cart 1.3 - 'edit.php' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Azkan Mustafa AkkuA AkkuS Vendor: SITEMAKIN Vendor Homepage: https://sitemakin.com Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows an attacker to inject...
LiveInvoices 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: LiveInvoices 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/liveinvoices-complete-invoicing-system-crm/20243375 Demo:...
DeWorkshop 1.0 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: DeWorkshop 1.0 - Arbitrary File Upload Dork: N/A Date: 18.08.2017 Vendor Homepage : https://sarutech.com/ Software Link: https://codecanyon.net/item/deworkshop-auto-workshop-portal/20336737 Demo:...
Debian DLA-152-1 : postgresql-8.4 update
Several vulnerabilities were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze. This new LTS minor version contains the fixes that were applied upstream to the 9.0.19 version, backported to 8.4.22 which was the las...
MGASA-2015-0069 Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages CVE-2014-8161. The function tochar might read/write past the end of a buffer. This might crash the...