Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this...

GHSA-C8WV-QWWC-6J73 MediaWiki allows a denial of service

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

MediaWiki allows a denial of service

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

GHSA-CH37-CH8W-CFRQ Bookstack Cross-site Scripting vulnerability

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

Bookstack Cross-site Scripting vulnerability

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

GHSA-9J9H-CPGC-8356 phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...

phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...

ROS-20220516-04

Vulnerability of QuerySet.explain function of Django web application software platform is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality, integrity and availability o...

MGASA-2022-0175 Updated sqlite3 packages fix security vulnerability

DISPUTED A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentional...

Sql injection

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive informati...

Exploit for SQL Injection in Anuko Time_Tracker

PoC for CVE-2022-24707 SQL Injection Vulnerability on Puncher...

SQL injection in Calendar.php

Description In Calendar.php line 498-513, web server get values parameter as a part of sql query without sanitize, so attacker can be manipulated sql query, which is executed by web server...

CVE-2021-35229

Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query...

Cross site scripting

Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query...

CVE-2021-35229 Cross-Site Scripting Vulnerability using SQL Query

Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query...

CVE-2021-35229

CVE-2021-35229 is a cross-site scripting vulnerability in SolarWinds Database Performance Monitor (DPM) 2022.1.7779 and earlier when handling complex SQL queries. The CVE entries in NVD describe impact to confidentiality and integrity (C/L) with network attack vector and variable user interaction...

CVE-2022-24052

A flaw was found in MariaDB. Lack of input validation leads to a heap buffer overflow. This flaw allows an authenticated, local attacker with at least a low level of privileges to submit a crafted SQL query to MariaDB and escalate their privileges to the level of the MariaDB service user, running...

CVE-2021-24864

The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the postid parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue...

Cross site request forgery (csrf)

In the Orange Form WordPress plugin through 1.0, the processbulkaction function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter $id. Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually...

UBUNTU-CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...