Lucene search
K

94 matches found

wpexploit
wpexploit
added 2023/07/24 12:0 a.m.274 views

WordPress Database Administrator <= 1.0.3 - Unauthenticated SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Run the command: curl -i -s -k -X POST --data-binary...

9.7AI score0.0084EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2023/07/24 12:0 a.m.9 views

PT-2023-8402 · WordPress · Wordpress Database Administrator

Name of the Vulnerable Software and Affected Versions: WordPress Database Administrator plugin versions 1.0.3 and earlier Description: The issue is related to a SQL injection problem. It occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement via an...

9.8CVSS9.7AI score0.0084EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.9 views

PT-2023-3643 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.19 Oracle Database Server versions 21.3 through 21.10 Description: The issue is related to insufficient input validation in the Unified Audit component of Oracle Database Server. It allows a...

5.7CVSS5.1AI score0.00411EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/28 12:0 a.m.5 views

PT-2023-13619 · Sage · Sage 300

Name of the Vulnerable Software and Affected Versions: Sage 300 versions 6.4.x through 6.9.x Description: A low-privileged Sage 300 workstation user could abuse their access to the SharedData folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300...

7.8CVSS7.8AI score0.00256EPSS
Exploits1References6
OSV
OSV
added 2023/04/26 1:15 p.m.2 views

CVE-2023-29257

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011...

7.2CVSS7.7AI score0.01513EPSS
Exploits0References3
Prion
Prion
added 2023/04/26 1:15 p.m.19 views

Remote code execution

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011...

5.8CVSS7.5AI score0.01513EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/04/26 12:56 p.m.13 views

CVE-2023-29257 IBM Db2 code execution

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011...

7.2CVSS7.3AI score0.01513EPSS
Exploits0References3
CVE
CVE
added 2023/04/26 12:56 p.m.101 views

CVE-2023-29257

CVE-2023-29257 affects IBM Db2 on Linux/UNIX/Windows (including Db2 Connect) across 10.5, 11.1 and 11.5. Description: remote code execution where a DBA of one database may execute code or read/write files in another database within the same instance. CVSS base score 7.2 (HIGH). Remediation: upgra...

7.2CVSS7.2AI score0.01513EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/18 8:15 p.m.4 views

CVE-2023-21918

Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle...

6.8CVSS6.9AI score0.00668EPSS
Exploits0References1
NCSC
NCSC
added 2023/02/09 12:0 a.m.3 views

Vulnerability fixed in phpMyAdmin

A vulnerability has been fixed in phpMyAdmin. A authenticated malicious party can exploit the vulnerability for a cross-site scripting attack via uploading a rogue .sql file. Such an attack may result in the execution of arbitrary code under the scope of the browser of the victim. In this...

6.3AI score
Exploits0
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.4 views

Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Application...

7.5CVSS8.2AI score0.00627EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.10 views

PT-2023-1247 · Oracle · Oracle E-Business Suite

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Java utils component of Oracle Applications DBA, part of the Oracle E-Business Suite. This can allow a remote...

7.8CVSS9AI score0.00627EPSS
Exploits0References4
OSV
OSV
added 2022/12/27 1:15 a.m.4 views

CVE-2022-46763

A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 fixed in 5.2.6.10025 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code...

8.8CVSS6.5AI score0.01056EPSS
Exploits0References3
Prion
Prion
added 2022/07/05 4:15 p.m.29 views

Sql injection

SQL Injection vulnerability in AST Agent Time Sheet interface /vicidial/ASTagenttimesheet.php of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailabl...

9CVSS8.7AI score0.03139EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/07/05 3:40 p.m.84 views

CVE-2022-34876

CVE-2022-34876 is a SQL injection vulnerability in VICIdial 2.14b0.5 prior to SVN revision 3555. It affects vicidial/admin.php through modify_email_accounts, access_recordings, and agentcall_email, allowing an attacker to spoof identities, tamper or disclose data, destroy data, or assume database...

8.8CVSS7.3AI score0.03196EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/10/22 12:15 p.m.4 views

CVE-2021-38459

The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...

9.8CVSS5.8AI score0.00951EPSS
Exploits0References1
OSV
OSV
added 2021/10/22 12:15 p.m.4 views

CVE-2021-38475

The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...

8.8CVSS7.3AI score0.00861EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.4 views

AUVESY Versiondog 安全漏洞

AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A security vulnerability exists in AUVESY Versiondog, which could be exploited by attackers to gain SYSDBA privileges...

9CVSS5.6AI score0.00861EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/08/19 3:34 p.m.3 views

CVE-2021-38475

The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...

9CVSS7.2AI score0.00861EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2021/04/22 12:0 a.m.4 views

CVE-2021-2173

Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recover...

4.1CVSS5.3AI score0.01372EPSS
Exploits4References3
Rows per page
Query Builder