Sql injection

A proid GET parameter of the WordPress支付�Alipay|财付通Tenpay|��PayPal集��件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection...

CVE-2021-24393 Comment Highlighter <= 0.13 - Authenticated SQL Injection

A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...

Charity Management System CMS 1.0 - Multiple Vulnerabilities

Exploit Title: Charity Management System CMS 1.0 - Multiple Vulnerabilities Date: 18/08/2021 Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/tips23 Software Link:...

4images 1.8 SQL Injection

Exploit Title: 4images 1.8 - 'limitnumber' SQL Injection Authenticated Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.8 Tested on: Linux Source Analysis: Line 658 - User action defined if $action == "findimages" Line 661 - Vulnerable condition...

CVE-2021-24507 Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an...

PT-2021-7495 · Mariadb +10 · Mariadb Server +10

Name of the Vulnerable Software and Affected Versions: MariaDB Server versions 10.6 and below Description: The issue is related to an use-after-free in the my strcasecmp 8bit component of MariaDB Server, which can be exploited through specially crafted SQL statements, potentially allowing a remot...

WordPress Secure Copy Content Protection Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Secure Copy Content Protection plugin is an application plugin for WordPress. A SQL injection vulnerability exists in...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. (CVE-2021-29703)

Summary IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. Vulnerability Details CVEID: CVE-2021-29703 DESCRIPTION: Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service...

IBM DB2 Command Injection Vulnerability

IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 for Linux, UNIX, and Windows including Db2 Connect Server, which stems...

The fallback receiver address could get twice the toSend amount

Handle s1m0 Vulnerability details In that block of code there are 2 external call inside a try/catch statements. In both the catch the toSend amount is transferred to the fallback receiver address effectively transferring twice if the 2 external call fail. Impact In the fulfill function the...

CVE-2021-29703

Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659...

Design/Logic Flaw

Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659...

CVE-2021-29703

Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659...

CVE-2021-29702

Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658...

Design/Logic Flaw

Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658...

CVE-2021-29702

Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658...

Uncontrolled Resource Consumption

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service e.g., disable access to the database after the attack stops via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...

IBM DB2 注入漏洞

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in Db2 that originates from an abnormal termination of the server duri...

WordPress Sendit WP Newsletter plugin SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Sendit WP Newsletter plugin 2.5.1 and earlier...

CVE-2021-24341

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection...