160 matches found
A vulnerability in the QNAP network device support automation system is related to errors in the authentication process. This error allows a malicious user to gain unauthorized access to the device.
A vulnerability in the QNAP network device support automation system is related to errors in the authentication process for certificates. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the device remotely...
ABB Cylon FLXeon 9.3.4 Unauthenticated Dashboard Access Vulnerability
ABB Cylon FLXeon version 9.3.4 allows unauthenticated access to the Building Management System (BMS) or Building Automation System (BAS) dashboard. This exposes sensitive information, including system status, events, and alarms related to HVAC operations. Additionally, an attacker could manipulate...
Interlib Library Cluster Automation Management System Injection Vulnerability
Interlib Library Cluster Automation Management System is a library cluster automation management system from Interlib. An injection vulnerability exists in Interlib Library Cluster Automation Management System 2.0.1 and earlier versions, which is caused by SQL injection in the parameter sql...
Kieback&Peter DDC4000 Security Vulnerability
The Kieback&Peter DDC4000 is a building automation and control system from Kieback&Peter, Germany, that is used to manage and monitor various devices in a building. A security vulnerability exists in the Kieback&Peter DDC4000 that stems from the presence of insufficiently protected credentials,...
CVE-2024-5682
Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation. This issue affects Yordam Library Automation System: before 20.1...
CVE-2024-5682 User Enumeration in Yordam Information Technology's Yordam Library Automation System
Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation. This issue affects Yordam Library Automation System: before 20.1...
CVE-2024-5682
CVE-2024-5682 affects the Yordam Library Automation System. The root cause is an improper restriction of excessive authentication attempts, enabling interface manipulation. Affected versions are prior to 20.1. Documented impact is limited to potential unauthorized interface manipulation; no expl...
RuvarOA idlist Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of the idlist parameter of the /WorkFlow/wfworkprint.aspx file against externally entered SQL statements. An attacker can exploit this...
RuvarOA sys_file_storage_id Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sys_file_storage_id parameter of the /WorkFlow/wffiledownload.aspx file against externally entered SQL statements. An attacker...
RuvarOA filename Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the filename parameter of the /WorkFlow/OfficeFileDownload.aspx file against external SQL input. An attacker can exploit this...
RuvarOA PageID Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the PageID parameter in the /WebUtility/SearchCondiction.aspx file against external SQL input. An attacker can exploit this...
RuvarOA id parameter SQL injection vulnerability (CNVD-2024-33617)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter in the /SysManage/wftemplatechildfieldlist.aspx file against external SQL input. An attacker can exploi...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33155)
RuvarOA is an office automation system of Ruvar China. A security vulnerability exists in RuvarOA v6.01 and v12.01, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33154)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /PersonalAffair/worklogtemplateshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33151)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the fileid parameter of the /CorporateCulture/kaizendownload.aspx file against external SQL input. An attacker can exploit this...
The vulnerability of the Offer LOV component of the Oracle Trade Management software, a business automation system within the Oracle E-Business Suite, allows an attacker to gain unauthorized access to protected information.
The vulnerability of the “Offer LOV” component of the Oracle Trade Management software for managing trading operations within the Oracle E-Business Suite is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain...
Honeywell Experion PKS Security Vulnerability
Honeywell Experion PKS is a process automation system from Honeywell USA. A security vulnerability exists in Honeywell Experion PKS. An attacker could exploit the vulnerability to remotely execute code...