sql injection vulnerabilities and exploits
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
Redhat Enterprise Mrg 2.4
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set...
Dashbuilder Project Dashbuilder -
Redhat Jboss Bpm Suite 6.0.0
Redhat Jboss Bpm Suite 6.0.1
Redhat Jboss Bpm Suite 6.0.3
Redhat Jboss Bpm Suite 6.1
Redhat Jboss Bpm Suite 6.1.2
Redhat Jboss Enterprise Brms Platform 5.0.0
Redhat Jboss Enterprise Brms Platform 5.3.1
Redhat Jboss Enterprise Brms Platform 6.0.0
Redhat Jboss Enterprise Brms Platform 6.0.1
Redhat Jboss Enterprise Brms Platform 6.0.2
Redhat Jboss Enterprise Brms Platform 6.0.3
Redhat Jboss Enterprise Brms Platform 6.1
Redhat Jboss Enterprise Brms Platform 6.3
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072....
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 188.8.131.52 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists....
Redhat Cloudforms 3.0 Management Engine 5.2
Redhat Cloudforms 3.0 Management Engine 5.2.1
Redhat Cloudforms 3.0 Management Engine 5.2.2
Redhat Cloudforms 3.0 Management Engine
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
6 Github repositories available
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors...
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.1.0
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database....
Redhat Satellite 6.4
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a...
17 Github repositories available
PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges....
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 7.4
Redhat Enterprise Linux 7.5
Redhat Enterprise Linux 7.6
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution....