306 matches found
CVE-2024-9828 Taskbuilder < 3.0.5 - Admin+ SQL Injection
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'loadorders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...
CVE-2024-31880
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user...
CVE-2024-31880 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user...
PT-2024-24264 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 10.5, 11.1, and 11.5 Description: The issue is related to a denial of service under specific configurations, where the server may crash when using a specially crafted SQ...
CVE-2024-45307
SudoBot (Discord moderation bot) contains a privilege escalation flaw in the -config command due to missing authorization checks. Any user could update bot configurations and potentially take control of settings on affected installations. Affected versions are all v9 before 9.26.7; v8 and newer 9...
CVE-2024-45307 SudoBot missing authorization check in `-config` command
SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the -config command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is...
CVE-2024-31882 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614...
CVE-2024-31882
CVE-2024-31882 refers to IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 11.1 and 11.5, where an authenticated user can trigger a denial of service under certain non-default configurations by sending a specially crafted SQL statement, potentially crashing the server. This risk ...
CVE-2024-4145 Search & Replace < 3.2.2 - Admin+ SQL injection
The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network...
CVE-2024-3552
CVE-2024-3552 affects the Web Directory Free WordPress plugin prior to 1.7.0. An unauthenticated AJAX action uses an unsanitised parameter in a SQL statement, enabling SQL injection via UNION, time-based, and error-based techniques, potentially compromising the database. The nuclei template confi...
CVE-2023-29267
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612...
CVE-2023-29267 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612...
CVE-2023-29267
CVE-2023-29267: IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to a denial-of-service when a specially crafted SQL statement is used by an authenticated user, potentially crashing the server under certain configurations. The connected IBM security bu...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted statement. (CVE-2024-31880)
Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details CVEID:CVE-2024-31880 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect...
HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks PoC % time curl "https://example.com/?restroute=/h5vp/v1/video/1=1'+OR+SELECT+1+FROM+SELECTSLEEP5xyz--+-"...
SQL Injection
librenms/librenms is vulnerable to SQL Injection. The vulnerability is due to inadequate validation of the order parameter sourced from the $request in the file apifunctions.inc.php where the parameter value is directly incorporated into an SQL statement and concatenated. This allows attackers to...
CVE-2024-31212
InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receive...
CVE-2024-31212 SQL injection in index_chart_data action
InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receive...