Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

sql injection vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv2
CVE-2006-6354
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976....
Duware Duclassified 4.1Duware Duclassified 4.2Duware Dudownload 1.0Duware Dudownload 1.1Duware Dupaypal 3.0Duware Dupaypal 3.1Duware Duamazon 3.0Duware Duamazon 3.1Duware Dudirectory Pro 3.0Duware Dudirectory Pro 3.1Duware Dugallery 3.2Duware Dugallery 3.3Duware Dudirectory 3.0Duware Dudirectory 3.1Duware Dugallery 3.0Duware Dugallery 3.1Duware Dupaypal Pro 3.0Duware Dupaypal Pro 3.1Duware Duarticle 1.0Duware Duarticle 1.1Duware Duclassified 4.0Duware Dudirectory Pro Sql 3.0Duware Dudirectory Pro Sql 3.1Duware Dunews 1.0Duware Dunews 1.1
7.5
CVSSv2
CVE-2005-3976
SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1...
Duware Duarticle 1.1Duware Duclassified 4.2Duware Dupaypal 3.1Duware Dupaypal Pro 3.0Duware Dudirectory Pro Sql 3.0Duware Dudownload 1.1Duware Duamazon 3.1Duware Dugallery 3.3Duware Dunews 1.1Duware Dudirectory 3.1Duware Dudirectory Pro 3.0
6.8
CVSSv2
CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled....
Sqlalchemy Sqlalchemy 1.2.17Debian Debian Linux 8.0
6.5
CVSSv2
CVE-2014-7814
SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter....
Redhat Cloudforms 3.1 Management Engine 5.3
7.5
CVSSv2
CVE-2013-4386
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter....
Redhat Openstack 3.0Theforeman Foreman 1.2.0Theforeman ForemanTheforeman Foreman 1.2.1
7.5
CVSSv2
CVE-2013-4461
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
Redhat Enterprise Mrg 2.4
4
CVSSv2
CVE-2018-14623
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072....
Theforeman Katello
6.5
CVSSv2
CVE-2014-0137
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists....
Redhat Cloudforms 3.0 Management Engine 5.2Redhat Cloudforms 3.0 Management EngineRedhat Cloudforms 3.0 Management Engine 5.2.1Redhat Cloudforms 3.0 Management Engine 5.2.2
7.5
CVSSv2
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set...
Redhat DashbuilderRedhat Jboss Bpm Suite 6.0.0Redhat Jboss Bpm Suite 6.0.1Redhat Jboss Bpm Suite 6.0.3Redhat Jboss Bpm Suite 6.1Redhat Jboss Bpm Suite 6.1.2Redhat Jboss Enterprise Brms Platform 5.0.0Redhat Jboss Enterprise Brms Platform 5.3.1Redhat Jboss Enterprise Brms Platform 6.0.0Redhat Jboss Enterprise Brms Platform 6.0.1Redhat Jboss Enterprise Brms Platform 6.0.2Redhat Jboss Enterprise Brms Platform 6.0.3Redhat Jboss Enterprise Brms Platform 6.1Redhat Jboss Enterprise Brms Platform 6.3
7.5
CVSSv2
CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a...
Djangoproject Django
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-42539CVE-2021-30359CVE-2021-34484CVE-2021-0483CVE-2021-38646CVE-2020-23041brute forcefirmwaremalicious code‎
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook