sql injection vulnerabilities and exploits

(subscribe to this query)

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...

Djangoproject Django Debian Debian Linux 9.0 Debian Debian Linux 10.0 Fedoraproject Fedora 3212 Github repositories available

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a...

Djangoproject Django34 Github repositories available

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set...

Redhat Dashbuilder Redhat Jboss Bpm Suite 6.0.0 Redhat Jboss Bpm Suite 6.0.1 Redhat Jboss Bpm Suite 6.0.3 Redhat Jboss Bpm Suite 6.1 Redhat Jboss Bpm Suite 6.1.2 Redhat Jboss Enterprise Brms Platform 5.0.0 Redhat Jboss Enterprise Brms Platform 5.3.1 Redhat Jboss Enterprise Brms Platform 6.0.0 Redhat Jboss Enterprise Brms Platform 6.0.1 Redhat Jboss Enterprise Brms Platform 6.0.2 Redhat Jboss Enterprise Brms Platform 6.0.3 Redhat Jboss Enterprise Brms Platform 6.1 Redhat Jboss Enterprise Brms Platform 6.3

A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL...

Fortinet Fortiweb1 Article available

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name....

Djangoproject Django1 Github repository available

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs....

Djangoproject Django Debian Debian Linux 9.05 Github repositories available

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution....

Cacti Cacti Fedoraproject Fedora 32 Fedoraproject Fedora 33 Fedoraproject Fedora 34

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors...

Rubyonrails Rails 4.0.2 Rubyonrails Rails 4.0.1 Rubyonrails Rails 4.1.0 Rubyonrails Rails 4.0.0

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform....

Linuxfoundation Harbor Pivotal Vmware Harbor Registry -

An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database....

Theforeman Foreman Redhat Satellite 6.4

« PREV 1 2 3 4 5 6 7 8 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook