CVE-2019-8130
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates...
Sql injection
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates...
SQLMap v1.3.10 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Vulnerability in the DBconn::GetLastError function of the pgagent scheduling software that allows an attacker to cause a denial of service
The vulnerability in the DBconn::GetLastError function of the pgagent scheduling software from the pgagent package is caused by a null pointer dereference at 0x0000000000407209. Exploiting this vulnerability could allow an attacker to trigger a denial of service through a speciall...
CVE-2019-1003076
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
PT-2019-11366 · Jenkins · Jenkins Audit To Database Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin (affected versions not specified). Description: A cross-site request forgery issue exists in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method, allowing attackers to initiate a...
PT-2019-11367 · Jenkins · Jenkins Audit To Database Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin (affected versions not specified). Description: A missing permission check in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiat...
CVE-2019-3716
CVE-2019-3716 affects RSA Archer prior to 6.5 SP2. An authenticated local attacker who can access RSA Archer log files may obtain the database connection password because it is logged in plaintext, enabling use in further attacks. Affected product is Dell EMC RSA Archer (enterprise IT governance/...
CVE-2019-3716 Information Exposure Vulnerability
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further...
Information disclosure
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further...
CVE-2019-3716
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further...
EMC RSA Archer < 6.4.1.5 / 6.5.x < 6.5.0.2 Multiple Vulnerabilities
The version of EMC RSA Archer running on the remote web server is prior to 6.4.1.5 or 6.5.x prior to 6.5.0.2. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in RSA Archer versions prior to 6.5 SP1 (6.5.0.1). An authenticated malicious local user wi...
AVEVA InduSoft Web Studio / InTouch Edge HMI Command 66 RCE
Binary data scadaavevaiwsitehcmd66rce.nbin...
CVE-2019-6545
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...
Code injection
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...
PT-2019-18157 · Aveva · Intouch Edge Hmi +1
Name of the Vulnerable Software and Affected Versions: AVEVA Software, LLC InduSoft Web Studio versions prior to 8.1 SP3; AVEVA Software, LLC InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 Update. Description: An issue exists where an unauthenticated remote user could...
Information leakage vulnerability in the 56iq digital signage software frontend database
56iq digital signage software is digital signage content creation software, used to create programs for playback on plasma and LCD flat-panel TVs, LED screens, projection equipment and other multimedia terminals, and for touch interactive applications. There is an information leakage...