PT-2020-14540 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the ajax list accounts.php file,...
College-Management-System-Php 1.0 SQL Injection
Exploit Title: College-Management-System-Php 1.0 - Authentication Bypass / SQL Injection Exploit Author: BLAY ABU SAFIAN Inveteck Global Website: https://github.com/olotieno/College-Management-System-Php Date: 2020-06-16 Google Dork: N/A Vendor: https://github.com/olotieno/ Software Link:...
The vulnerability in the GLPI request, incident, and IT asset inventory management system is related to improper neutralization of special elements used in SQL commands and allows a malicious individual to gain unauthorized access to protected information.
The vulnerability in the GLPI system for managing requests, incidents, and the inventory of computer equipment is related to improper neutralization of special elements used in SQL queries. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to...
Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection
Exploit Title: Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection Date: 2020-06-07 Exploit Author: Pankaj Kumar Thakur Vendor Homepage: http://virtualairlinesmanager.net/ Dork: inurl:notamid= Affected Version: 2.6.2 Tested on: Ubuntu CVE : N/A Vulnerable parameter -------------------...
Advanced Woo Search < 2.00 - SQL query leak in ajax search
Every AJAX search returns the raw SQL query in the response...
ZSQL: Log Directory Permission
The LOGPATHPERMISSIONS parameter specifies the log directory permission. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
ZSQL: Maximum Number of Backup Audit Files
The AUDITBACKUPFILECOUNT parameter specifies the maximum number of backup audit log files. If the number of backup files exceeds the specified value, the earliest backup files are automatically deleted and the backup deletion information is recorded in audit logs...
Arbitrary Code Execution
PostgreSQL is vulnerable to arbitrary code execution. A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query...
Denial Of Service (DoS)
PostgreSQL is vulnerable to denial of service (DoS) due to an integer overflow in src/backend/executor/nodeHash.c, which allows an attacker to use a malicious SQL query to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the...
Denial Of Service (DoS)
PostgreSQL is vulnerable to denial of service (DoS). A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for the BIT and BIT VARYING SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary...
ZSQL: Password Grace Period
The password grace period is the number of days between the password expiration warning and password expiration. During this grace period, users can change their passwords before they expire, ensuring service continuity...
ZSQL: Number Of Days Before Which a Password Cannot Be Reused
You must configure the number of days before which a password cannot be reused. This configuration prevents password cracking caused by password reuse. It is configured by setting the PASSWORDREUSETIME parameter (unit: days). After this parameter is set, the password can be reused only after the...
ZSQL: Resource Limit of a Single User
Configure the resource limit so that the maximum number of connections for a single user, as defined in the ADMPROFILES table, is enforced...
ZSQL: Check for users with DROP USER permission
Searches for users and roles with the DROP USER permission and checks whether they are authorized to have it. A user with the DROP USER permission can delete other users. If this permission is no longer necessary, revoke it...
The vulnerability in the Redmine project and task management web application is related to the failure to protect the SQL query structure, allowing an attacker to gain unauthorized access to protected information.
The vulnerability in the Redmine project and task management web application is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information from a remote location...
Sort order SQL injection via `direction` parameter in administrate
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
CVE-2020-10563
An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query...
SQL injection
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
Design/Logic Flaw
An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query...