28 matches found
SQL injection
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerCFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A...
CVE-2021-32983
Delta Electronics DIAEnergie vulnerability CVE-2021-32983 is a Blind SQL Injection in the /DataHandler/Handler_CFG.ashx endpoint (versions prior to 1.9). The flaw arises from improper validation of the keyword parameter before building an SQL query, allowing remote, unauthenticated attackers to e...
DIAEnergie SQL Blind Injection Vulnerability (CNVD-2021-93913)
A SQL blind injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter agid before using the value as part of a S...
DIAEnergie SQL Blind Injection Vulnerability
A SQL blind injection vulnerability exists in the /DataHandler/HandlerCFG.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter keyword before using the value as part of a SQL...
DIAEnergie SQL Blind Injection Vulnerability (CNVD-2021-93914)
A SQL blind injection vulnerability exists in the /DataHandler/AM/AMHandler.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via parameter type before using the value as part of an SQL query...
Insecure Deserialization in TYPO3 CMS
It has been discovered that FormEngine and DataHandler are vulnerable to insecure deserialization. A valid backend user account is needed in order to exploit this vulnerability...
Multiple Media Player HTTP DataHandler Overflow (iTunes, QuickTime, etc.)
No description provided by source. ScaryMovie Exploit Study By: DrIDE October, 2009 There is a widespread failure in the way that .MOV files are handled by the Quicktime Library. I have attempted to compound my findings on this issue. Nearly every .MOV enabled application that I tested fell victi...
SQL injection
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection...