1953 matches found
CVE-2021-40861
A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the...
CVE-2021-35528
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing CSB allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or...
Improper access control
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing CSB allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or...
CVE-2021-35528
CVE-2021-35528 — Hitachi Energy Retail Operations/CSB is an improper access control vulnerability (CWE-284) in the application’s authentication/authorization that relies on local session validation, enabling an unauthorized, signed Java Applet JAR to be executed. Affected versions: Hitachi Energy...
Critical Flaws in Philips TASY EMR Could Expose Patient Data
The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning of critical vulnerabilities affecting Philips Tasy electronic medical records EMR system that could be exploited by remote threat actors to extract sensitive personal data from patient databases. "Successful exploitation of...
SQL injection
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcementsstudent.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code...
CVE-2021-42667
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the SQL query performed. As a result he can extract sensitive data from the web server and in som...
CVE-2021-42667
CVE-2021-42667 affects Sourcecodester Online Event Booking and Reservation System (version 2.3.0). The vulnerability is an SQL Injection in the event-management/views component, exploitable via the vulnerable id parameter on the USER page, enabling an attacker to manipulate SQL queries, potential...
Engineers Online Portal SQL Injection Vulnerability
Sourcecodester Engineers Online Portal is an open source online portal. Sourcecodester Engineers Online Portal in PHP is vulnerable to SQL injection, which can be exploited by attackers to extract sensitive data from the web server via the id parameter of announcesstudent.php...
Engineers Online Portal SQL Injection Vulnerability
Sourcecodester Engineers Online Portal is an open source online portal. Sourcecodester Engineers Online Portal in PHP is vulnerable to SQL injection, which can be exploited by attackers to extract sensitive data from the web server via the id parameter of myclassmates.php, and in some cases...
Engineers Online Portal SQL Injection Vulnerability
Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, JavaScript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students, and instructors. Sourcecodester Online Event Booking and...
Engineers Online Portal SQL Injection Vulnerability
Sourcecodester Engineers Online Portal is an open source online portal. Sourcecodester Engineers Online Portal in PHP is vulnerable to SQL injection. An attacker can exploit the vulnerability to extract sensitive data from the web server via the id parameter of quizquestion.php and, in some cases...
Androidqf - (Android Quick Forensics) Helps Quickly Gathering Forensic Evidence From Android Devices, In Order To Identify Potential Traces Of Compromise
androidqf Android Quick Forensics is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It is the successor of Snoopdroid, re-written in Go and leveraging official adb binaries. androidqf is intended to provide a simple and portable cross-platform utility ...
Vehicle Parking Management System SQL Injection Vulnerability
Vehicle Parking Management System is an open source vehicle parking management system from the individual developer Anuj Kumar. Vehicle Parking Management System affected version 1.0 suffers from a SQL injection vulnerability that can be further exploited to extract sensitive information from the...
Engineers Online Portal 1.0 - (id) SQL Injection Vulnerability
Exploit Title: Engineers Online Portal 1.0 - 'id' SQL Injection Exploit Author: Alon Leviev Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...
Why the Raspberry Pi isn’t suitable for IoT
Let’s start by praising the Raspberry Pi: it has brought cheap computing to many, has inspired and enabled education and undoubtedly been a huge benefit. I use my own Pi daily, and we have often used its flexibility to perform hardware testing, from accessing UART to reading flash memory. So why ...
Hitachi ABB Power Grids TropOS
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Hitachi ABB Power Grids Equipment: TropOS Vulnerabilities: Injection, Inadequate Encryption Strength, Missing Authentication for Critical Function, Improper Authentication, Improper Validation of Integrity Check Value,...
CVE-2021-36748
A SQL Injection issue in the list controller of the Prestahome Blog aka phsimpleblog module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sbcategory parameter...
SQL injection
A SQL Injection issue in the list controller of the Prestahome Blog aka phsimpleblog module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sbcategory parameter...