Using InsightVM to Find Apache Log4j CVE-2021-44228
There are many methods InsightVM can use to identify vulnerable software. Which method is best depends on the software and specific vulnerability in question, not to mention variability that comes into play with differing network topologies and Scan Engine deployment strategies. When it comes to ...
SQL injection
The SQL injection vulnerability in the Hide My WP WordPress plugin versions = 6.2.3 is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwpgetuserip" tries to retrieve the IP address from multiple headers, including IP address headers that the user c...
SQL injection
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...
CVE-2021-40129
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker...
Input validation
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2021-2740)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.9.1 : sqlite (EulerOS-SA-2021-2740)
According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo functio...
EulerOS 2.0 SP9 : sqlite (EulerOS-SA-2021-2697)
According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is...
ServiceTonic SQL Injection Vulnerability
ServiceTonic, an ITIL-compliant service desk and enterprise services software, has a SQL injection vulnerability in the login form in versions prior to ServiceTonic 9.0.35937. An attacker could exploit the vulnerability to steal information via a specially crafted, HQL-compatible, time-series SQL...
PT-2021-6913 · Mariadb +5 · Mariadb Server +5
Name of the Vulnerable Software and Affected Versions: MariaDB Server versions 10.7 and below Description: An issue in the component Used tables and const cache::used tables and const cache join of MariaDB Server was discovered to allow attackers to cause a Denial of Service (DoS) via specially...
Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Unauthenticated SQL Injection Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public Disclosure: 01...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2021-2644)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-22101
Cloud Controller versions prior to 1.118.0 are vulnerable to an unauthenticated denial of service (DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with labelselectors on multiple V3 endpoints by generating an enormous SQL query...
Denial of service
Cloud Controller versions prior to 1.118.0 are vulnerable to an unauthenticated denial of service (DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with labelselectors on multiple V3 endpoints by generating an enormous SQL query...
CVE-2021-41147
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute...
CVE-2021-41800
MediaWiki before 1.36.2 allows a denial of service (resource consumption) because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
Code injection
MediaWiki before 1.36.2 allows a denial of service (resource consumption) because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...