CVE-2019-19094 ABB eSOMS: SQL injection vulnerability

Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database...

CVE-2019-4752

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-e...

PT-2020-1843 · Abb · Abb Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 3.9 to 6.0.3 Description: The issue is related to a lack of input checks for SQL queries, which might allow an attacker to perform SQL injection attacks against the backend database. This could potentially be exploited by a...

IBM Sterling B2B Integrator SQL Injection Vulnerability (CNVD-2019-44534)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A SQL injection vulnerability exists in IBM Sterling B2B...

BSA-2019-866

Security Advisory ID : BSA-2019-866 Component : SANnav Revision : 1.0 Brocade SANnav versions before v2.0 usea hard-coded password, which could allowlocal authenticated attackers to access a back-end database and gain privileges. The vulnerability could be exploited only if the database service i...

SQL Injection in Zingbox Inspector

An SQL injection vulnerability exists in the Zingbox Inspector management interface that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Ref: CVE-2019-15016 The vulnerability allows for authenticated users to pass unsanitized commands ...

CVE-2019-3756

RSA Archer, versions prior to 6.6 P3 6.6.0.3, contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions...

Information disclosure

RSA Archer, versions prior to 6.6 P3 6.6.0.3, contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions...

CVE-2019-3756

RSA Archer, versions prior to 6.6 P3 6.6.0.3, contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions...

PT-2019-16927 · Ibm · Ibm Sterling File Gateway

Name of the Vulnerable Software and Affected Versions: IBM Sterling File Gateway versions 2.2.0.0 through 6.0.1.0 Description: The issue allows a remote attacker to send specially-crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end databas...

IBM Emptoris Contract Management SQL Injection Leak (CNVD-2019-31130)

IBM Emptoris Contract Management is a suite of software from IBM USA that automates the contract lifecycle. The software automates and manages all phases of the contract lifecycle, from the creation, execution and renegotiation of contracts and amendments, to performance monitoring, analysis and...

Sql injection

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...

CVE-2019-13447

An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection...

Sql injection

An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection...

CVE-2019-13447

An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection...

CVE-2019-4012

IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886...

Race condition

An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=?php and admin/databack/bakuptables.php?2=fileputcontents URIs because...

Metinfo Competitive Conditions Vulnerability

MetInfo is a content management system CMS developed by China Mito MetInfo using PHP and Mysql. A competitive condition vulnerability exists in MetInfo. An attacker can exploit this vulnerability by means of a competitive condition in the backend database backup function via admin / index.php?n =...

Battelle V2I Hub SQL Injection Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A SQL injection vulnerability exists in Battelle V2I Hub version...

CVE-2018-1000631

Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::userinfo function, which could allow the attacker to view, add, modify or delete information in the back-end database...