PT-2022-24930 · Metabase · Metabase

Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 Description: The issue concerns the automatic execution of unsaved SQL queries, which could pose a possible attack vector. Metabase has addressed th...

The vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the Web interface for managing the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries...

CVE-2021-41147

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute...

Silver Peak SD-WAN Bugs Allow for Network Takeover

Silver Peak’s Unity Orchestrator, a software-defined WAN SD-WAN management platform, suffers from three remote code-execution security bugs that can be chained together to allow network takeover by unauthenticated attackers. SD-WAN is a cloud-based networking approach used by enterprises and...

Design/Logic Flaw

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOADFILE...

ManageEngine Firewall Analyzer 8.5 SQL Injection

================================================================ ManageEngine Firewall Analyzer 8.5 SQL Query Execution Vulnerability ================================================================ Description : Vulnerability Type : ManageEngine Firewall Analyzer 8.5 SQL Query Execution...

Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...

ManageEngine EventLog Analyzer 10.6 Build 10060 SQL Query Execution

Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication: 14/09/2015 Vulnerability Type: authenticated SQL query execution...

ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution

ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication:...

ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution Vulnerability

Exploit for multiple platform in category web applications Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication:...

(0Day) IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists within the oninit process bound to TCP port 9088 when processing th...

CVE-2003-0735

SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter...

CVE-2001-0234

NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed userusername parameter...

CVE-2001-0201

The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program...