1417 matches found
CVE-2021-41800
MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
CVE-2021-41800
MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
CVE-2021-41800
MediaWiki before 1.36.2 is affected by CVE-2021-41800, a denial-of-service due to resource consumption from lengthy SQL processing in Special:Contributions, caused by mishandling PoolCounter protection. The issue is documented in multiple sources (including GHSA advisory and Debian/Fedora securit...
Denial Of Service (DoS)
mediawiki/core is vulnerable to denial of service. The vulnerability exists due to the lack of protection against the pool counter, which allows an attacker to cause an application crash by providing a long-running SQL query via the PoolCounterWorkViaCallback...
PT-2021-23413
Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.36.2 Description The issue allows for a denial of service due to resource consumption caused by lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query becaus...
Exposure of Sensitive Information to an Unauthorized Actor in blair2004/nexopos-4x
Description Unhandled exception leads to exposure of server side and sql query information. Proof of Concept 1. Go to demo page http://v4.nexopos.com and login using demo account 2. Go to Customer - Create coupon and try to create a coupon without entering coupon code leave it empty 3. See that t...
South Gate Inn Online Reservation System 1.0 Shell Upload / SQL Injection Vulnerabilities
Exploit Title: South Gate Inn Online Reservation System v1.0 - Remote Code Execution Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/10584/south-gate-inn-online-reservation-system.html Software Link:...
Exploit for Integer Overflow or Wraparound in Apple Ipados
CVE-2021-30860 CVE-2021-30860 FORCEDENTRY is a known vulnera...
ROS-2-1198
2.1198 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
CVE-2020-7819
A SQL-Injection vulnerability in the nTracker USB Enterprisesecure USB management solution allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information...
CVE-2021-38390
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query...
SQLite Segmentation Error Vulnerability
SQLite is a self-sufficient, serverless, zero-configuration, transactional SQL database engine. idxGetTableInfo function in SQLite version 3.36.0 is vulnerable to a segmentation error. An attacker could exploit the vulnerability via a specially crafted SQL query to cause a denial of service...
SQLite 3.36.3 DoS Vulnerability
SQLite is prone to a denial of service DoS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
CVE-2021-36690
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...
CVE-2021-36690
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...
DEBIAN-CVE-2021-36690
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...
CVE-2021-36690
DISPUTED A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentional...
Design/Logic Flaw
DISPUTED A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentional...
CVE-2021-36690
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...
CVE-2021-36690
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...