
1303 matches found

OSV
added 2024/03/06 11:2 a.m., 32 views

BIT-MARIADB-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8, AI score 8.1, EPSS 0.00645
Exploits 0, References 7

OSV
added 2024/03/06 11:2 a.m., 20 views

BIT-MARIADB-2022-24050

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

CVSS 7.8, AI score 8.1, EPSS 0.00598
Exploits 0, References 7

OSV
added 2024/03/06 11:2 a.m., 14 views

BIT-MARIADB-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

CVSS 7.8, AI score 8.1, EPSS 0.00615
Exploits 0, References 7

Cvelist
added 2024/02/28 12:0 a.m., 17 views

CVE-2024-25833

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...

AI score 8.1, EPSS 0.02831
Exploits 1, References 1

Positive Technologies
added 2024/02/27 12:0 a.m., 3 views

PT-2024-2074 · Unknown · Subrion Cms

Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1
Description: The issue is related to a potential SQL injection vulnerability in the ia.core.mysqli.php component of the Subrion CMS system. This could allow a remote attacker to execute arbitrary SQL queries. However...

CVSS 9.8, AI score 7.6, EPSS 0.00654
Exploits 1, References 18

0day.today
added 2024/02/26 12:0 a.m., 243 views

Flashcard Quiz App v1.0 - (card) SQL Injection Vulnerability

Exploit Title: Flashcard Quiz App v1.0 - 'card' SQL Injection
Application: Flashcard Quiz App
Bugs: SQL Injection
Exploit Author: SoSPiro
Vendor Homepage: https://www.sourcecodester.com/
Software Link: https://www.sourcecodester.com/php/17160/flashcard-quiz-app-using-php-and-mysql-source-code.htm...

AI score 7.4
Exploits 0

Zero Day Initiative
added 2024/02/23 12:0 a.m., 18 views

Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP requests on port 3000. When parsing the token parameter, the...

CVSS 9.8, AI score 8.1, EPSS 0.01134
Exploits 0

CNVD
added 2024/02/21 12:0 a.m., 16 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2024-09309)

SINEC NMS is a new-generation network management system (NMS) for digital enterprises. Siemens SINEC NMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL queries on the server database...

CVSS 9.8, AI score 8.2, EPSS 0.00654
Exploits 0, References 1

Zero Day Initiative
added 2024/02/15 12:0 a.m., 12 views

SolarWinds Orion Platform AppendCreatePrimary SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the AppendCreatePrimary method. The issue results from the lack of proper validati...

CVSS 8.8, AI score 8.1, EPSS 0.01536
Exploits 0, References 1

Zero Day Initiative
added 2024/02/15 12:0 a.m., 18 views

SolarWinds Orion Platform AppendUpdate SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the AppendUpdate method. The issue results from the lack of proper validation of a...

CVSS 8.8, AI score 8.1, EPSS 0.01578
Exploits 0, References 1

CVE
added 2024/02/13 9:0 a.m., 88 views

CVE-2024-23810

Siemens SINEC NMS is affected by CVE-2024-23810: all versions prior to 2.0 SP1 are vulnerable to SQL injection in the server database, potentially allowing an unauthenticated attacker to run arbitrary SQL queries. Sources consistently identify this CVE as a SQL-injection issue impacting SINEC NMS...

CVSS 9.8, AI score 9.1, EPSS 0.00654
Exploits 0, References 1, Affected Software 1

Cvelist
added 2024/02/13 9:0 a.m., 14 views

CVE-2024-23810

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...

CVSS 8.8, AI score 9.3, EPSS 0.00654
Exploits 0, References 1

Zero Day Initiative
added 2024/02/09 12:0 a.m., 17 views

Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactHostCommands function. The issue results from the lack of proper validation of a...

CVSS 7.2, AI score 8.1, EPSS 0.53411
Exploits 0, References 1

Zero Day Initiative
added 2024/02/09 12:0 a.m., 20 views

Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateLCARelation function. The issue results from the lack of proper validation of a...

CVSS 7.2, AI score 8.1, EPSS 0.53411
Exploits 0, References 1

BDU FSTEC
added 2024/02/09 12:0 a.m., 2 views

A vulnerability in the firmware of BUFFALO VR-S1000 routers stems from the lack of measures to neutralize special elements used in operating system commands. This allows an attacker to execute arbitrary operating system commands.

A vulnerability in the Cacti network monitoring software is related to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pollers.php script...

CVSS 7.2, AI score 7.2, EPSS 0.00329
Exploits 0, References 3, Affected Software 1

NVD
added 2024/01/16 4:15 p.m., 18 views

CVE-2023-4797

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...

CVSS 7.2, AI score 7.3, EPSS 0.00963
Exploits 2, References 1

Vulnrichment
added 2024/01/16 3:56 p.m., 11 views

CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...

AI score 7.9, EPSS 0.00963
Exploits 2, References 1

IBM Security Bulletins
added 2024/01/10 4:23 a.m., 37 views

Security Bulletin: IBM DB2 used by IBM Security Verify Governance has multiple vulnerabilities

Summary: IBM Security Verify Governance supports IBM DB2 database. Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins.
Vulnerability Details
CVEID: CVE-2023-29257
DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5,...

CVSS 9.8, AI score 10, EPSS 0.02495
Exploits 1, Affected Software 1

Vulnrichment
added 2024/01/09 1:33 a.m., 4 views

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RC...

CVSS 9.6, AI score 9.1, EPSS 0.0997
Exploits 0, References 1

Cvelist
added 2024/01/09 1:33 a.m., 21 views

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RC...

CVSS 9.6, AI score 9.4, EPSS 0.0997
Exploits 0, References 1