The vulnerabilities of the DBMS_XMLGEN and DBMS_XMLQUERY functions of the XWiki Platform, a platform for creating collaborative web applications. This allows attackers to execute arbitrary code.

The vulnerability of the DBMSXMLGEN and DBMSXMLQUERY functions of the XWiki Platform for creating collaborative web applications is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending...

CVE-2024-56158 XWiki allows SQL injection in query endpoint of REST API with Oracle

XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Thi...

XWiki Platform 注入漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. An SQL injection vulnerability exists in XWiki Platform that stems from the query validator not cleaning up functions such as DBMSXMLGEN or DBMSXMLQUERY, which could lead to an SQL injection...

TORCS 1.3.2 Buffer Overflow

/ Exploit Title: TORCS Research Team Division Author: Andres Gomez and David Mora a.k.a Mighty-D ... Pwn and beans! Software Link: http://torcs.sourceforge.net/ Version: torcs 1.3.2 Vendor notified: 03/02/2012 Tested on: Windows XP Service Pack 3 Spanish CVE : / / This program will generate the...