Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
injection vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-8321
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible....
Rubygems
4.3
CVSSv2
CVE-2006-0188
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as...
Squirrelmail
4.3
CVSSv2
CVE-2006-0195
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url"...
Squirrelmail
5
CVSSv2
CVE-2006-0377
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."...
Squirrelmail
6.8
CVSSv2
CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled....
Sqlalchemy
Debian
Debian Linux
5
CVSSv2
CVE-2019-8322
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur....
Rubygems
7.5
CVSSv2
CVE-2005-1197
SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter....
Oracle
Database Server
7.5
CVSSv2
CVE-2005-4832
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different...
Oracle
Oracle10g
4 EDB exploits available
1 Metasploit module available
3.6
CVSSv2
CVE-2002-1673
The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name...
Webmin
1 EDB exploit available
6.5
CVSSv2
CVE-2007-2111
SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that...
Oracle
Database Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-13413
physical
CVE-2020-8789
denial of service
windows 10
CVE-2019-18935
microsoft
CVE-2020-1165
CVE-2020-3272
file inclusion
CVE-2005-1513
1
2
3
4
5
NEXT »
Vulmon