SQL injection vulnerabilities and exploits

7.5
CVSSv2
CVE-2019-13489

Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter....

7.5
CVSSv2
CVE-2019-10653

An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page....

7.5
CVSSv2
CVE-2019-12723

An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. It allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user....

NA
CVE-2019-1105

Outlook for Android Spoofing Vulnerability. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user....

3.5
CVSSv2
CVE-2019-1137

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'....

Microsoft Exchange Server
4.3
CVSSv2
CVE-2019-1112

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'....

9.3
CVSSv2
CVE-2019-1111

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1110....

9.3
CVSSv2
CVE-2019-1110

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1111....

6.2
CVSSv2
CVE-2018-15664

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go...

Docker
7.5
CVSSv2
CVE-2019-11512

Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5....