1179 matches found

Zero Day Initiative
added 2015/07/01 12:00 a.m., 41 views

SQLite Default Value Authorization Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DEFAULT...

CVSS 7.5, AI score 8.8, EPSS 0.01116
Exploits: 0, References: 1

Tenable Nessus
added 2015/06/17 12:00 a.m., 24 views

ManageEngine Applications Manager IT360UtilitiesServlet SQLi

The remote host is running a version of ManageEngine Applications Manager that is affected by a SQL injection vulnerability due to improper validation of user-supplied input to the 'IT360UtilitiesServlet' servlet. A remote attacker can exploit this flaw to execute arbitrary SQL statements. Note...

AI score 6.3
Exploits: 0, References: 1

Tenable Nessus
added 2015/06/09 12:00 a.m., 34 views

IBM DB2 10.1.x < 10.1.400.770 Information Disclosure (credentialed check)

The version of IBM DB2 installed on the remote host is affected by an information disclosure vulnerability due to an unspecified flaw in the monitoring and audit features. A remote, authenticated attacker can exploit this flaw, via a crafted series of commands, to view passwords in SQL statements...

CVSS 4, AI score 6.2, EPSS 0.00355
Exploits: 0, References: 3

Tenable Nessus
added 2015/06/09 12:00 a.m., 28 views

IBM DB2 9.7.x < 9.7.1000.568 Information Disclosure (credentialed check)

The version of IBM DB2 installed on the remote host is affected by an information disclosure vulnerability due to an unspecified flaw in the monitoring and audit features. A remote, authenticated attacker can exploit this flaw, via a crafted series of commands, to view passwords in SQL statements...

CVSS 4, AI score 6.2, EPSS 0.00355
Exploits: 0, References: 3

Prion
added 2015/05/26 1:59 a.m., 12 views

Command injection

OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL AF Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements...

CVSS 6.5, AI score 7.6, EPSS 0.00268
Exploits: 0, References: 2, Affected Software: 2

CVE
added 2015/05/26 1:00 a.m., 42 views

CVE-2015-1013

CVE-2015-1013 affects OSIsoft PI AF 2.6/2.7 and PI SQL for AF 2.1.2.19. The root cause is an incorrect default permission where the PI SQL (AF) Trusted Users group may include the Everyone account, enabling remote authenticated users to bypass command restrictions by issuing SQL statements. Impac...

CVSS 6.5, AI score 7.3, EPSS 0.00268
Exploits: 0, References: 2, Affected Software: 2

Zero Day Initiative
added 2015/05/15 12:00 a.m., 14 views

ManageEngine Applications Manager IT360UtilitiesServlet query SQL Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IT360UtilitiesServlet servlet. The issue lies in the ability to...

CVSS 10, AI score 8
Exploits: 0

UbuntuCve
added 2015/05/08 1:59 a.m., 20 views

CVE-2014-0919

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities...

CVSS 4, AI score 6.6, EPSS 0.00355
Exploits: 0, References: 7

Cisco
added 2015/04/14 9:23 p.m., 33 views

Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability

A vulnerability in the Interactive Voice Response (IVR) interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attack...

CVSS 5, AI score 7.5, EPSS 0.00313
Exploits: 0, References: 1

Positive Technologies
added 2015/01/23 12:00 a.m., 3 views

PT-2023-25559 · Monetdb +1 · Monetdb Server +1

Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the GDKfree component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For versions 11.45.17 and 11.46.0, update to a...

CVSS 7.5, AI score 7.8, EPSS 0.0028
Exploits: 11, References: 27

Positive Technologies
added 2015/01/23 12:00 a.m., 3 views

PT-2023-4102 · Unknown +1 · Monetdb Server +1

Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the cs bind ubat component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. It is related to incorrect clearance or release of resources,...

CVSS 7.5, AI score 7.8, EPSS 0.0028
Exploits: 11, References: 27

Metasploit
added 2014/09/27 11:42 a.m., 61 views

WordPress custom-contact-forms Plugin SQL Upload

The WordPress custom-contact-forms plugin 'WordPress custom-contact-forms Plugin SQL Upload', 'Description' = %q The WordPress custom-contact-forms plugin 'Marc-Alexandre Montpas', Vulnerability discovery 'Christian Mehlmauer' Metasploit module , 'License' = MSFLICENSE, 'References' = 'URL',...

AI score 7.9
Exploits: 0

OpenVAS
added 2014/09/12 12:00 a.m., 12 views

Joomla! Spider Calendar Component <= 3.2.6 SQLi Vulnerability - Active Check

Joomla! Spider Calendar Component is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 5.6
Exploits: 0, References: 2

seebug.org
added 2014/07/01 12:00 a.m., 24 views

Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (1)

No description provided by source. Source: http://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTION_NAME' parameter is vulnerable. Packages that employ this parameter...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 20 views

SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability

No description provided by source. SetSeed CMS 5.8.20 loggedInUser Remote SQL Injection Vulnerability Vendor: SetSeed Product web page: http://www.setseed.com Affected version: 5.8.20 Summary: SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete websites and online stores...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 15 views

Oracle HTML DB 1.5/1.6 f p Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affecte...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 18 views

Oracle HTML DB 1.5/1.6 wwv_flow.accept p_t02 Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affecte...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2014/06/26 12:00 a.m., 215 views

Revive Adserver 'www/delivery/axmlrpc.php' 'what' Parameter SQL Injection

The Revive Adserver install hosted on the remote web server is affected by a SQL injection vulnerability because the 'www/delivery/axmlrpc.php' script fails to properly sanitize user-supplied input passed to the 'what' parameter. This can allow a remote, unauthenticated attacker to execute...

CVSS 7.5, AI score 6.4, EPSS 0.00413
Exploits: 1, References: 3

Tenable Nessus
added 2014/06/16 12:00 a.m., 60 views

GLSA-201406-10 : lighttpd: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201406-10 lighttpd: Multiple vulnerabilities Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could create a Denial of Service...

CVSS 9.8, AI score 8, EPSS 0.91037
Exploits: 18, References: 7

Gentoo Linux
added 2014/06/13 12:00 a.m., 191 views

lighttpd: Multiple vulnerabilities

Background: lighttpd is a lightweight high-performance web server. Description: Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could create a Denial of Service condition. Furthermore, a remote attack...

CVSS 9.8, AI score 9.9, EPSS 0.91037
Exploits: 18