Sensitive Information Disclosure
Apache Superset is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper error handling when an authenticated user with privileges to create Alerts generates a specially crafted SQL statement that triggers an error on the database which is not properly handled...
CVE-2024-24773 Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...
CVE-2024-27315 Apache Superset: Improper error handling on alerts
An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...
Simple School Management System SQL Injection Vulnerability (CNVD-2024-14035)
Simple School Management System is an open-source simple school management system from Code-projects. Simple School Management System version 1.0 has a SQL injection vulnerability, which stems from the application's lack of validation of externally supplied SQL statement input; an attacker can exploit the...
SQL injection
The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the seturlswithterms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber...
Hospital Management System SQL Injection Vulnerability
A Hospital Management System (HMS) is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. Hospital Management System V4.0 and prior versions suffer from a SQL injection vulnerability that stems from the application's lack ...
Booking Calendar WpDevArt < 3.2.12 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-5674 WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)
Summary: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. Vulnerability Details: CVEID: CVE-2023-38727. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted SQL statement. CVSS Base...
OESA-2023-1924 hsqldb security update
HSQLdb is a relational database engine written in Java(TM), with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small (about 100k), fast database engine which offers both in-memory and disk-based tables. Embedded and server modes are available. Additionally, it includes tools such as...
SQL injection
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
CVE-2023-38727 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted SQL statement (CVE-2023-38740)
Summary: IBM® Db2® is vulnerable to a denial of service with a specially crafted SQL statement. Vulnerability Details: CVEID: CVE-2023-38740. DESCRIPTION: IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) is vulnerable to a denial of service with a specially crafted SQL statement. CVSS...
Virtuoso Open-Source Edition Security Vulnerabilities
Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which ste...
Virtuoso Open-Source Edition Security Vulnerabilities
Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment, and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which...
Virtuoso Open-Source Edition Security Vulnerabilities
Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which...