1417 matches found

Prion
added 2023/07/19 7:15 a.m. · 16 views

Design/Logic Flaw

A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an...

CVSS 2.6 · AI score 7.8 · EPSS 0.00064
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/07/19 7:00 a.m. · 12 views

CVE-2023-3763 Intergard SGS SQL Query cleartext transmission

A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an...

CVSS 3.7 · AI score 7.9 · EPSS 0.00064
Exploits 1 · References 3

CVE
added 2023/07/19 7:00 a.m. · 43 views

CVE-2023-3763

CVE-2023-3763: In Intergard SGS 8.7.0, the SQL Query Handler contains unknown code that permits cleartext transmission of sensitive information. The issue is exploitable remotely over a network; attack complexity is high and no privileges are required from the user. Public disclosure exists, but...

CVSS 7.5 · AI score 6.1 · EPSS 0.00064
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2023/07/19 12:00 a.m. · 2 views

Intergard SGS Security Vulnerability

Intergard SGS is a security appliance from the Brazilian company Intergard. A security vulnerability exists in Intergard SGS version 8.7.0, which stems from the presence of unknown code in the component SQL Query Handler, resulting in the transmission of sensitive information in clear text...

CVSS 7.5 · AI score 5.7 · EPSS 0.00064
Exploits 1 · References 4

Positive Technologies
added 2023/07/19 12:00 a.m. · 3 views

PT-2023-7027 · Unknown · Intergard Sgs

Name of the Vulnerable Software and Affected Versions: Intergard SGS version 8.7.0
Description: The issue is related to the transmission of sensitive information in cleartext due to a vulnerability in the SQL Query Handler component. This can be exploited remotely, potentially allowing an attacke...

CVSS 7.8 · AI score 7.2 · EPSS 0.00064
Exploits 1 · References 8

NVD
added 2023/07/18 12:15 p.m. · 6 views

CVE-2023-3743

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the productoneimg parameter to retrieve the information stored in the database...

CVSS 7.5 · EPSS 0.00113
Exploits 0 · References 1

Prion
added 2023/07/18 12:15 p.m. · 11 views

Design/Logic Flaw

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the productoneimg parameter to retrieve the information stored in the database...

CVSS 5 · AI score 7.5 · EPSS 0.00113
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/07/18 11:56 a.m. · 12 views

CVE-2023-3743 SQL injection vulnerability in LeoTheme's Ap Page Builder

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the productoneimg parameter to retrieve the information stored in the database...

CVSS 7.5 · AI score 7 · EPSS 0.00113
Exploits 0 · References 1

Vulnrichment
added 2023/06/24 2:00 a.m. · 7 views

CVE-2023-3197 MStore API <= 4.0.1 - Unauthenticated SQL Injection

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 9.8 · AI score 7.2 · EPSS 0.29566
Exploits 0 · References 2

OSV
added 2023/06/09 10:44 a.m. · 3 views

SUSE-SU-2023:2478-1 Security update for mariadb

This update for mariadb fixes the following issues: Updated to version 10.5.20: - CVE-2022-47015: Fixed a denial of service that could be triggered by a crafted SQL query bsc1207404...

CVSS 6.5 · AI score 6.6 · EPSS 0.0015
Exploits 0 · References 3

Positive Technologies
added 2023/06/02 12:00 a.m. · 4 views

PT-2023-18361 · WordPress · Web Directory Free

Name of the Vulnerable Software and Affected Versions: The Web Directory Free for WordPress versions up to, and including, 1.6.7
Description: The issue allows authenticated attackers with contributor-level privileges to extract sensitive information from the database due to insufficient escaping ...

CVSS 8.8 · AI score 9.1 · EPSS 0.00365
Exploits 0 · References 4

NVD
added 2023/05/30 8:15 a.m. · 11 views

CVE-2023-2111

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...

CVSS 4.9 · AI score 5.2 · EPSS 0.00884
Exploits 2 · References 1

Tenable Nessus
added 2023/05/21 12:00 a.m. · 48 views

GLSA-202305-24 : MediaWiki: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-24 MediaWiki: Multiple Vulnerabilities - MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. CVE-2021-41798 - MediaWiki before 1.36.2...

CVSS 9.8 · AI score 6.8 · EPSS 0.01842
Exploits 6 · References 28

Prion
added 2023/05/15 1:15 p.m. · 15 views

Sql injection

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

CVSS 7.5 · AI score 9.9 · EPSS 0.76847
Exploits 2 · References 1 · Affected Software 1

NVD
added 2023/04/28 7:15 p.m. · 11 views

CVE-2023-26021

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864...

CVSS 7.5 · AI score 7.5 · EPSS 0.00129
Exploits 0 · References 3

Prion
added 2023/04/28 7:15 p.m. · 17 views

Design/Logic Flaw

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864...

CVSS 5 · AI score 7.4 · EPSS 0.00129
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2023/04/28 6:23 p.m. · 5 views

CVE-2023-26021 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864...

CVSS 7.5 · AI score 7.5 · EPSS 0.00129
Exploits 0 · References 3

Cvelist
added 2023/04/28 6:23 p.m. · 19 views

CVE-2023-26021 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864...

CVSS 7.5 · AI score 7.6 · EPSS 0.00129
Exploits 0 · References 3

CVE
added 2023/04/28 6:23 p.m. · 94 views

CVE-2023-26021

CVE-2023-26021 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) at versions 11.1 and 11.5, where a specially crafted SQL query using a LIMIT clause can cause the server to crash (denial of service). The issue’s root cause is not fully described in the provided text, but ...

CVSS 7.5 · AI score 7.4 · EPSS 0.00129
Exploits 0 · References 3 · Affected Software 1

IBM Security Bulletins
added 2023/04/24 9:40 p.m. · 39 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. (CVE-2023-26021)

Summary: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted SQL query using a LIMIT clause.
Vulnerability Details: CVEID: CVE-2023-26021
DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of servic...

CVSS 7.5 · AI score 7.5 · EPSS 0.00129
Exploits 0 · Affected Software 1