sql injection vulnerabilities and exploits

(subscribe to this query)

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is x.x.x.x/dl.asp When an attacker...

Kaseya Vsa Agent Kaseya Vsa Server2 Github repositories available7 Articles available

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information....

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests....

Fortinet Fortiwlm

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application....

Djangoproject Django Fedoraproject Fedora 3417 Github repositories available

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used....

Linuxfoundation Opendaylight 0.16.0 Linuxfoundation Opendaylight 0.16.4 Linuxfoundation Opendaylight 0.15.6 Linuxfoundation Opendaylight 0.15.01 Github repository available

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used....

Linuxfoundation Opendaylight 0.16.0 Linuxfoundation Opendaylight 0.16.4 Linuxfoundation Opendaylight 0.15.6 Linuxfoundation Opendaylight 0.15.01 Github repository available

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution....

Solarwinds Orion Platform

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement....

Cyrusimap Cyrus-sasl Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0 Fedoraproject Fedora 34 Fedoraproject Fedora 35 Fedoraproject Fedora 36 Netapp Ontap Select Deploy Administration Utility -Netapp Active Iq Unified Manager -Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1 Oracle Communications Cloud Native Core Console 22.2.0 Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.2.03 Github repositories available

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Pacsrapor: before 1.22....

Pacsrapor Pacsrapor

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection....

Gilacms Gila Cms 1.11.81 Github repository available

« PREV 1 2 3 4 5 6 7 8 9 10 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook