1492 matches found

OSV | added 2020/03/13 9:05 p.m. | 19 views

GHSA-2P5P-M353-833W Sort order SQL injection in Administrate

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

CVSS 7.7 | AI score 8.3 | EPSS 0.009 | Exploits 0 | References 5

Cvelist | added 2020/03/13 9:05 p.m. | 18 views

CVE-2020-5257 Sort order SQL injection in Administrate

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

CVSS 7.7 | AI score 8.3 | EPSS 0.009 | Exploits 0 | References 2

Cvelist | added 2020/03/13 8:47 p.m. | 26 views

CVE-2020-10563

An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query...

AI score 9.6 | EPSS 0.01673 | Exploits 0 | References 3

GitLab Advisory Database | added 2020/03/13 12:00 a.m. | 18 views

SQL Injection

In Administrate rubygem, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord SQL protections. Whils...

CVSS 8.1 | AI score 3 | EPSS 0.009 | Exploits 0 | References 1 | Affected Software 1
Microsoft KB | added 2020/02/04 12:00 a.m. | 325 views

Update Rollup 1 for System Center Orchestrator 2019

Update Rollup 1 for System Center Orchestrator 2019 Introduction This article describes the issues that are fixed in Update Rollup 1 for Microsoft System Center Orchestrator 2019. This article also contains the installation instructions for this update. Issues that are fixed Events pane of the...

AI score 7 | Exploits 0

CNVD | added 2020/01/07 12:00 a.m. | 6 views

Gila CMS SQL Injection Vulnerability

Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in /admin/sql?query= in Gila CMS version 1.11.8. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker...

CVSS 7.2 | AI score 8.3 | EPSS 0.26546 | Exploits 9 | References 1

BDU FSTEC | added 2019/12/26 12:00 a.m. | 2 views

The vulnerability of the web interface of the Cisco Digital Network Architecture (DNA) Center, related to the lack of protective measures for the SQL query structure, allows a perpetrator to execute arbitrary code.

The vulnerability of the Cisco Digital Network Architecture (DNA) Center's network management web interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 6.5 | AI score 7.1 | EPSS 0.0115 | Exploits 0 | References 3 | Affected Software 1
OSV | added 2019/12/18 6:15 p.m. | 2 views

CVE-2019-8600

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution...

CVSS 9.8 | AI score 7.4 | EPSS 0.19809 | Exploits 0 | References 8

NVD | added 2019/12/18 6:15 p.m. | 21 views

CVE-2019-8600

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution...

CVSS 9.8 | AI score 9.1 | EPSS 0.19809 | Exploits 0 | References 8

Prion | added 2019/12/18 6:15 p.m. | 28 views

Memory corruption

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution...

CVSS 7.5 | AI score 8.9 | EPSS 0.19809 | Exploits 0 | References 8 | Affected Software 6

Cvelist | added 2019/12/18 5:33 p.m. | 24 views

CVE-2019-8600

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution...

AI score 9.2 | EPSS 0.19809 | Exploits 0 | References 8

EUVD | added 2019/12/18 5:33 p.m. | 3 views

EUVD-2019-17990

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution...

CVSS 9.8 | AI score 8.7 | EPSS 0.19809 | Exploits 0 | References 8
BDU FSTEC | added 2019/10/24 12:00 a.m. | 3 views

The vulnerability of the ZingBox Inspector's network device handlers lies in the lack of protective measures for SQL query structures, allowing attackers to disclose protected information.

The vulnerability of the ZingBox Inspector network traffic processor is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...

CVSS 9 | AI score 5.6 | EPSS 0.01161 | Exploits 0 | References 2 | Affected Software 1

BDU FSTEC | added 2019/10/16 12:00 a.m. | 4 views

The vulnerabilities of the `django.contrib.postgres_fields.HStoreField` and `django.contrib.postgres_fields.JSONField` functions in the Django framework are related to the lack of measures to protect SQL query structures. This allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of the django.contrib.postgresfields.HStoreField and django.contrib.postgresfields.JSONField functions in the Django web development framework is related to conversion and key search errors, as well as index searching issues. Exploiting this vulnerability can allow an attacker t...

CVSS 10 | AI score 7.8 | EPSS 0.46345 | Exploits 0 | References 10 | Affected Software 7

Packet Storm | added 2019/10/13 12:00 a.m. | 242 views

Joomla Sumoku 3.9.8 SQL Injection

Exploit Title : Joomla Sumoku 3.9.8 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/10/2019 Vendor Homepage : blueorangegames.com/sumoku/ Affected Version : 3.9.8 Tested On : Windows and Linux Category : WebApps Exploit Risk : Medium Vulnerabili...

AI score 0.6 | Exploits 0

Microsoft KB | added 2019/09/24 12:00 a.m. | 60 views

Update Rollup 8 for System Center 2016 Orchestrator

Update Rollup 8 for System Center 2016 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 8 for Microsoft System Center 2016 Orchestrator. This article also contains the installation instructions for this update. Issues that are fixed Runbook performing SQ...

AI score 5.9 | Exploits 0
NVD | added 2019/07/04 10:15 p.m. | 20 views

CVE-2019-13292

A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks...

CVSS 9.8 | AI score 9.8 | EPSS 0.06509 | Exploits 1 | References 1

Tenable Nessus | added 2019/07/04 12:00 a.m. | 51 views

Apple iTunes for Windows < 12.9.5 Multiple Vulnerabilities (credentialed check)

The version of Apple iTunes for Windows installed on the remote Windows host is prior to 12.9.5. It is, therefore, affected by multiple vulnerabilities as referenced in the HT210124 advisory. - An application may be able to gain elevated privileges (CVE-2019-8577) - A maliciously crafted SQL query...

CVSS 9.8 | AI score 7.9 | EPSS 0.19809 | Exploits 5 | References 26

Tenable Nessus | added 2019/05/24 12:00 a.m. | 37 views

Apple TV 12.0.0 and < 12.3 Multiple Vulnerabilities

Binary data 700719.prm...

CVSS 9.8 | AI score 8.1 | EPSS 0.19809 | Exploits 12 | References 36
Prion | added 2019/05/22 4:29 p.m. | 27 views

Sql injection

DISPUTED Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass, aka the reset password form. NOTE: The vendor disputes this issue as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid...

CVSS 7.5 | AI score 9.8 | EPSS 0.0422 | Exploits 5 | References 3 | Affected Software 1