303 matches found
CVE-2023-43743
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...
CVE-2023-41262
An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...
CVE-2023-41262
An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...
Sql injection
An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...
CVE-2023-41262
An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...
CVE-2023-4309
Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...
Sql injection
Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...
CVE-2023-4309
Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...
PT-2023-28694 · Election Services Co. · Internet Election Service
Name of the Vulnerable Software and Affected Versions: Election Services Co. ESC Internet Election Service affected versions not specified Description: The issue concerns SQL injection vulnerabilities in multiple pages and parameters of the Election Services Co. ESC Internet Election Service. The...
CVE-2023-33852
IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614...
SAP PowerDesigner Access Control Error Vulnerability
SAP PowerDesigner is a database design software from SAP Germany. SAP PowerDesigner suffers from an Access Control Error vulnerability that arises from having incorrect access control and can be exploited by an unauthenticated attacker to run arbitrary queries against the backend database via a...
CVE-2023-37484
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...
CVE-2023-37484
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...
Default credentials
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...
CVE-2023-37484 Information Disclosure Vulnerabilities in SAP PowerDesigner
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...
CVE-2023-37484 Information Disclosure Vulnerabilities in SAP PowerDesigner
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...
SAP PowerDesigner 访问控制错误漏洞
SAP PowerDesigner is a database design software from SAP Germany. SAP PowerDesigner suffers from an Access Control Error vulnerability that arises from having incorrect access control and can be exploited by an unauthenticated attacker to run arbitrary queries against the backend database via a...
CVE-2023-25839
There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is...
PT-2023-20345 · Esri · Esri Arcgis Insights Desktop
Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 Description: The issue allows a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input...
CVE-2023-32569
An issue was discovered in Veritas InfoScale Operations Manager VIOM before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers who must have admin credentials to submit arbitrary SQL...