1417 matches found
CVE-2021-36690
CVE-2021-36690: A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via idxGetTableInfo when given a crafted SQL query. The vendor disputes the relevance (user already has full privileges). Public details note remediation via package upgrades; Debian LTS advi...
Simple Library Management System 1.0 - (rollno) SQL Injection Vulnerability
Exploit Title: Simple Library Management System 1.0 - 'rollno' SQL Injection; Exploit Author: Halit AKAYDIN hLtAkydn; Vendor Homepage: https://www.nikhilbhalerao.com/; Software Link: https://www.sourcecodester.com/php/14126/simple-library-management-system.html; Version: V1; Category: Webapps; Tested o...
CVE-2021-32789
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...
CVE-2021-32789 Arbitrary SQL (SQL injection) possible via the Store API component.
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...
DEBIAN-CVE-2021-27021
A flaw was discovered in Puppet DB; this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query...
CVE-2021-27021
A flaw was discovered in Puppet DB; this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query...
Design/Logic Flaw
A flaw was discovered in Puppet DB; this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query...
PT-2021-6608 · Puppet · Puppetdb
Name of the Vulnerable Software and Affected Versions: Puppet DB affected versions not specified Description: A flaw in Puppet DB results in an escalation of privileges, allowing a user to delete tables via an SQL query. This issue is related to a lack of protection measures for the SQL query...
PEEL Shopping 9.3.0 - (id) Time-based SQL Injection Vulnerability
Exploit Title: PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection; Exploit Author: faisalfs10x https://github.com/faisalfs10x; Vendor Homepage: https://www.peel.fr; Software Link: https://sourceforge.net/projects/peel-shopping/files/peel-shopping930.zip/download; Version: prior to 9.4.0; Tested on:...
[ASA-202107-8] puppet: privilege escalation
Arch Linux Security Advisory ASA-202107-8. Severity: Medium; Date: 2021-07-01; CVE-ID: CVE-2021-27021; Package: puppet; Type: privilege escalation; Remote: Yes; Link: https://security.archlinux.org/AVG-2105. Summary: The package puppet before version...
CVE-2021-27021
A flaw was discovered in puppet. An escalation of privileges which allows the user to delete tables via an SQL query is possible in Puppet DB. The highest threat from this vulnerability is to system availability and integrity...
Mattermost: DoS via large console messages
Summary: When server console logging is enabled, it's possible to cause a complete denial of service to the server by submitting large text 64KB that gets output in the console log. This causes the server to become unavailable for all users. Steps To Reproduce: I set up my environment following t...
CVE-2020-26668
A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function...
Sql injection
A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function...
OpenClinic GA web portal multiple SQL injection vulnerabilities in the 'getAssets.jsp' page
Summary: Multiple exploitable SQL injection vulnerabilities exist in the 'getAssets.jsp' page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions: OpenClinic GA 5.173.3...