15 matches found
(Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the role_type parameter...
EUVD-2018-2665
Malware in sbrugna...
EUVD-2007-5271
Malware in sbrugna...
de.julielab:julielab-concept-creation-bioportal (>=1.2.0 <=1.3.1), de.julielab:julielab-concept-creation-famplex (>=1.2.0 <=1.3.1) +6 more potentially affected by CVE-2022-37423 via org.neo4j.procedure:apoc (>=4.4.0.16 <=4.4.0.2)
org.neo4j.procedure:apoc MAVEN version =4.4.0.16, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.3.1 - org.jqassistant.plugin:jqassistant-apoc-plugin =2.0.0 Source cves: CVE-2022-37423 Source advisory: OSV:GHSA-78F9-745F-278P...
GHSA-XM92-RF24-H74W Apache Geronimo Application Server multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType...
CVE-2018-10593
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor to issue SQL commands, which may result in data...
Sql injection
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor to issue SQL commands, which may result in data...
CVE-2018-10593
CVE-2018-10593 affects BD Kiestra DB Manager (v3.0.1.0 and earlier) and PerformA (v3.0.0.0 and earlier). An authorized user with a privileged BD Kiestra account can issue SQL commands, potentially leading to data corruption on Kiestra TLA, WCA, and InoqulA+ systems. The connected ICS-CERT advisor...
Ubuntu: Security Advisory (USN-2656-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Altiris Deployment Solution Server DB Manager Unauthenticated Command Execution
The remote host is running a vulnerable version of Altiris Deployment Solution Server. Authentication is not required prior to sending commands to the DB Manager service. A remote attacker could exploit this to modify or read data from the Altiris database. (C) Tenable Network Security, Inc...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2007-5291
CVE-2007-5291 describes a cross-site scripting (XSS) vulnerability in the Edit.asp page of DB Manager 2.0, where an attacker can inject arbitrary script via the id parameter. The issue is classified with an NVD CVSS v2 base score of 4.3 (Medium) and primarily impacts integrity with no confidential...