220 matches found
CVE-2024-6743 AguardNet Space Management System - SQL injection
AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-6743
CVE-2024-6743 affects AguardNet’s Space Management System. The vulnerability is an SQL injection caused by improper validation of user input, exploitable by unauthenticated remote attackers to read, modify, and delete database contents. Connected sources confirm impact and attack surface (unauthe...
Broadcom Brocade SANnav 安全漏洞
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a that stems from an information disclosure vulnerability in Brocade SANnav when the Brocade SANnav instance is configured in disaster...
PT-2024-4305 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: An information disclosure issue exists in Brocade SANnav when instances are configured in disaster recovery mode, allowing authenticated users to access the...
CVE-2023-5008 Student Information System v1.0 - Unauthenticated SQL Injection
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control...
CVE-2023-43014
Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...
Sql injection
Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...
Sql injection
Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control...
CVE-2023-36284
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...
CVE-2021-23186
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system...
PT-2023-12047 · Odoo · Odoo Community +1
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: A sandboxing issue allows authenticated administrators to access and modify database contents of other tenants in a multi-tenant system...
Sql injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
Sql injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEprivgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
Sql injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEunHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
Sql injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerTCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
Sql injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
Sql injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-1374
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEunHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-1366
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26887
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEloopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...