CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVE-2024-28965

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal...

PT-2024-22648 · Dell · Dell Scg

Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.24.00.00 Description: The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API. This could allow a remote low privileged attacker to execute certain...

Dell Secure Connect Gateway Access Control Error Vulnerability

Dell Secure Connect Gateway is a secure connectivity gateway from Dell, Inc. An access control error vulnerability exists in Dell Secure Connect Gateway versions prior to 5.24.00.00, which stems from an internal REST API exposure that could be exploited by a remote attacker to potentially apply...

Dell Secure Connect Gateway Access Control Error Vulnerability

Dell Secure Connect Gateway is a secure connectivity gateway from Dell USA. An access control error vulnerability exists in Dell Secure Connect Gateway versions prior to 5.24.00.00, which stems from an improperly access-controlled internally maintained REST API that could be exploited by a remote...

Online Student Enrollment System SQL注入漏洞

Online Student Enrollment System is an online student enrollment system by Lyndon Bermoy, an individual developer. A SQL injection vulnerability exists in Online Student Enrollment System version 1.0, which can be exploited by an attacker to view, add, modify, or delete information in the back-en...

F5 BIG-IP SQL注入漏洞

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A SQL injection vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited by an attacker to send crafted...

IBM Cognos Controller SQL注入漏洞

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. An SQL injection vulnerability exists in IBM Cognos...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. Delta Electronics DIAEnergie GetDIAEusList suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end...

Apache Fineract SQL注入漏洞

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract versions prior to 1.8.5...

SeaCMS 安全漏洞

SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A SQL injection vulnerability exists in SeaCMS version 12.9, which can be exploited by an attacker to view, add, modify, or delete information...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...

IBM Aspera SQL注入漏洞

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. An SQL injection vulnerability exists in IBM Aspera Console versions 3.4.0 through 3.4.2, which stems from the application's lack of validation of externally...

PT-2024-11663 · Ibm · Ibm Aspera Console

Name of the Vulnerable Software and Affected Versions: IBM Aspera Console versions 3.4.0 through 3.4.2 Description: The issue allows a remote attacker to send specially crafted SQL statements, which could enable the attacker to view, add, modify, or delete information in the back-end database. Th...

Hospital Management System SQL注入漏洞

A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. Hospital Management System V4.0 and prior versions suffer from a SQL injection vulnerability that stems from the application's lack ...

SQL Injection

net.mingsoft: ms-mcms is vulnerable to SQL Injection. The vulnerability exists via the category Type parameter within /content/list.do, which allows an attacker to manipulate the backend database by injecting malicious SQL commands...

CVE-2023-44284

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database...

Sql injection

A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...