Lucene search
K

303 matches found

Cvelist
Cvelist
added 2023/12/08 12:0 a.m.17 views

CVE-2023-43743

A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...

9.1AI score0.00687EPSS
Exploits0References2
NVD
NVD
added 2023/10/12 11:15 p.m.19 views

CVE-2023-41262

An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...

9.8CVSS10AI score0.00699EPSS
Exploits1References1
OSV
OSV
added 2023/10/12 11:15 p.m.3 views

CVE-2023-41262

An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...

9.8CVSS6AI score0.00699EPSS
Exploits1References1
Prion
Prion
added 2023/10/12 11:15 p.m.14 views

Sql injection

An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...

7.5CVSS9.9AI score0.00699EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/10/12 12:0 a.m.18 views

CVE-2023-41262

An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...

10AI score0.00699EPSS
Exploits1References1
NVD
NVD
added 2023/10/10 6:15 p.m.33 views

CVE-2023-4309

Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

10CVSS10AI score0.01051EPSS
Exploits0References3
Prion
Prion
added 2023/10/10 6:15 p.m.25 views

Sql injection

Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

7.5CVSS9.8AI score0.01051EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/10 5:27 p.m.24 views

CVE-2023-4309

Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

10CVSS10AI score0.01051EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.9 views

PT-2023-28694 · Election Services Co. · Internet Election Service

Name of the Vulnerable Software and Affected Versions: Election Services Co. ESC Internet Election Service affected versions not specified Description: The issue concerns SQL injection vulnerabilities in multiple pages and parameters of the Election Services Co. ESC Internet Election Service. The...

10CVSS8.2AI score0.01051EPSS
Exploits0References5
OSV
OSV
added 2023/08/27 11:15 p.m.3 views

CVE-2023-33852

IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614...

5.4CVSS5.9AI score0.00429EPSS
Exploits0References2
CNVD
CNVD
added 2023/08/11 12:0 a.m.21 views

SAP PowerDesigner Access Control Error Vulnerability

SAP PowerDesigner is a database design software from SAP Germany. SAP PowerDesigner suffers from an Access Control Error vulnerability that arises from having incorrect access control and can be exploited by an unauthenticated attacker to run arbitrary queries against the backend database via a...

7.5CVSS7.1AI score0.01041EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/08/08 1:15 a.m.2 views

CVE-2023-37484

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...

5.3CVSS5.8AI score0.00428EPSS
Exploits0References2
NVD
NVD
added 2023/08/08 1:15 a.m.29 views

CVE-2023-37484

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...

5.3CVSS5.3AI score0.00428EPSS
Exploits0References2
Prion
Prion
added 2023/08/08 1:15 a.m.27 views

Default credentials

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...

5CVSS5.4AI score0.00428EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/08 12:40 a.m.28 views

CVE-2023-37484 Information Disclosure Vulnerabilities in SAP PowerDesigner

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...

5.3CVSS5.7AI score0.00428EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/08 12:40 a.m.16 views

CVE-2023-37484 Information Disclosure Vulnerabilities in SAP PowerDesigner

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory...

5.3CVSS7AI score0.00428EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.6 views

SAP PowerDesigner 访问控制错误漏洞

SAP PowerDesigner is a database design software from SAP Germany. SAP PowerDesigner suffers from an Access Control Error vulnerability that arises from having incorrect access control and can be exploited by an unauthenticated attacker to run arbitrary queries against the backend database via a...

9.8CVSS6.9AI score0.01041EPSS
Exploits0References4
OSV
OSV
added 2023/07/19 4:15 p.m.6 views

CVE-2023-25839

There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is...

7CVSS6AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/19 12:0 a.m.10 views

PT-2023-20345 · Esri · Esri Arcgis Insights Desktop

Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 Description: The issue allows a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input...

7CVSS7.3AI score0.00174EPSS
Exploits0References3
OSV
OSV
added 2023/05/10 5:15 a.m.6 views

CVE-2023-32569

An issue was discovered in Veritas InfoScale Operations Manager VIOM before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers who must have admin credentials to submit arbitrary SQL...

9.8CVSS7.5AI score0.00582EPSS
Exploits0References1
Rows per page
Query Builder