sql injection vulnerabilities and exploits
7.5
CVSSv2
CVE-2013-4461
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
Redhat Enterprise Mrg 2.4
7.5
CVSSv2
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set...
Dashbuilder Project Dashbuilder -
Redhat Jboss Bpm Suite 6.0.0
Redhat Jboss Bpm Suite 6.0.1
Redhat Jboss Bpm Suite 6.0.3
Redhat Jboss Bpm Suite 6.1
Redhat Jboss Bpm Suite 6.1.2
Redhat Jboss Enterprise Brms Platform 5.0.0
Redhat Jboss Enterprise Brms Platform 5.3.1
Redhat Jboss Enterprise Brms Platform 6.0.0
Redhat Jboss Enterprise Brms Platform 6.0.1
Redhat Jboss Enterprise Brms Platform 6.0.2
Redhat Jboss Enterprise Brms Platform 6.0.3
Redhat Jboss Enterprise Brms Platform 6.1
Redhat Jboss Enterprise Brms Platform 6.3
4
CVSSv2
CVE-2018-14623
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072....
Theforeman Katello
6.5
CVSSv2
CVE-2014-0137
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists....
Redhat Cloudforms 3.0 Management Engine 5.2
Redhat Cloudforms 3.0 Management Engine 5.2.1
Redhat Cloudforms 3.0 Management Engine 5.2.2
Redhat Cloudforms 3.0 Management Engine
6.5
CVSSv2
CVE-2020-9402
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
6 Github repositories available
6.8
CVSSv2
CVE-2014-0080
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors...
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.1.0
4
CVSSv2
CVE-2018-1096
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database....
Theforeman Foreman
Redhat Satellite 6.4
7.5
CVSSv2
CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a...
Djangoproject Django
17 Github repositories available
7.5
CVSSv2
CVE-2018-16850
PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges....
Postgresql Postgresql
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 7.4
Redhat Enterprise Linux 7.5
Redhat Enterprise Linux 7.6
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
6.5
CVSSv2
CVE-2020-35701
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution....
Cacti Cacti