712 matches found
CVE-2023-0016
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database...
Sql injection
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database...
CVE-2023-0016 SQL Injection vulnerability in SAP Business Planning and Consolidation MS
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database...
CVE-2023-22909
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow...
CVE-2023-22909
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow...
CVE-2022-1578
The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack...
Delta Electronics DIAEnergie SQL注入漏洞
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics Taiwan, China used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes and maximize...
SQL Injection
github.com/ibax-io/go-ibax is vulnerable to SQL injection. The vulnerability exists in the GetRowsInfo function of database.go due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...
SQL Injection
github.com/ibax-io/go-ibax is vulnerable to SQL injection. The vulnerability exists in the GetRowsInfo function of database.go due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...
SQL Injection
github.com/ibax-io/go-ibax is vulnerable to SQL injection. The vulnerability exists in the GetRowsInfo function of database.go due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...
Apache Isis 安全漏洞
Apache Isis is the United States Apache Apache Foundation , a framework for rapid development of domain-driven applications in Java . Apache Isis suffers from an authorization issue vulnerability that stems from the h2 webconsole module accessible in the prototype menu automatically providing the...
Rockwell Automation Factory Talk VantagePoint 安全漏洞
Rockwell Automation Factory Talk VantagePoint is an advanced industrial application ecosystem from Rockwell Automation, Inc. An access control error vulnerability exists in Rockwell Automation Factory Talk VantagePoint, which stems from improper access control of its FactoryTalk VantagePoint...
CVE-2022-39029
Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...
CVE-2022-2460 WPDating < 7.4.0 - Multiple Unauthenticated SQLi
The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users...
CVE-2022-34871
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a...
PT-2022-22406 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the configuration of...
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide addition...
GHSA-73PR-G6JJ-5HC9 Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide addition...
PT-2022-23717 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490 Description: This issue allows remote attackers to bypass authentication on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...
PT-2022-23723 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490 Description: This issue allows remote attackers to bypass authentication on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...