CVE-2020-3973

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...

CVE-2020-3973

The CVE-2020-3973 issue affects the VeloCloud Orchestrator (VMware) and is a SQL injection vulnerability caused by improper input validation. A tenant with Velocloud Orchestrator access could submit crafted SQL queries to access data beyond privileges, with impact described as data disclosure and...

VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973)

3a. Advisory Details The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.5...

CVE-2020-9402

A SQL-injection flaw was found in python-django, where GIS functions and aggregates in Oracle did not correctly neutralize tolerance-parameter data. A remote attacker could use this flaw to submit crafted data to inject malicious SQL. Mitigation There is no known mitigation for this issue, the fl...

VMware Harbor Container Registry for PCF Multiple Security Vulnerabilities

Description VMware Harbor Container Registry for PCF is prone to the following security vulnerabilities. 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A privilege-escalation vulnerability 4. A user-enumeration vulnerability Exploiting this issue...

McAfee Advanced Threat Defense SB10304 Multiple Security Vulnerabilities

Description McAfee Advanced Threat Defense is prone to the following security vulnerabilities: 1. Multiple information disclosure vulnerabilities. 2. A remote command execution vulnerability 3. Directory-traversal vulnerability. 4. An SQL-injection vulnerability. 5. A security vulnerability...

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

Sql injection

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

PYSEC-2019-152

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

CVE-2019-10141

OpenStack Ironic Inspector (ironic-inspector) contains a SQL injection in node_cache.find_node() that uses unfiltered data from the /v1/continue POST. This API is unauthenticated, so an attacker with network access could exploit it to cause denial of service; data exfiltration is unlikely per the...

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

CVE-2019-10141

A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

CVE-2017-3181

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit laten...

CVE-2017-3181

CVE-2017-3181 affects multiple TIBCO Spotfire components: Spotfire Analyst 7.7.0; Connectors 7.6.0; Deployment Kit 7.7.0; Spotfire Desktop 7.6.0/7.7.0; Desktop Developer Edition 7.7.0; Desktop Language Packs 7.6.0/7.7.0; affected components include Spotfire Client and Spotfire Web Player Client. ...

CVE-2017-3181 Multiple TIBCO Spotfire components are vulnerable to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit laten...

Appnitro MachForm < 4.2.3 Multiple Vulnerabilities

Appnitro MachForm is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...

WordPress WPDB SQL Injection Vulnerability

Exploit for php platform in category web applications Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, if you haven’t updated yet stop right now and update. The foundations of this vulnerability was reported via Hacker-One on September 20th,...