701 matches found
The vulnerability of the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the “devicelist” component of the monitoring software for Advantech R-SeeNet routers involves incorrect processing of the locfilter parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending specially crafted SQL queri...
CVE-2021-42064
If configured to use an Oracle database and if a query is created using the flexible search Java API with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows an attacker to execute crafted database queries, exposing the backend database. The vulnerability is present if th...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update
An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
Advantech R-SeeNet SQL Injection Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...
Advantech R-SeeNet SQL Injection Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...
Advantech R-SeeNet SQL Injection Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...
Advantech R-SeeNet SQL Injection Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...
The vulnerability of the ECShop e-commerce center system, related to the failure to take measures to neutralize special elements used in SQL queries, allows a hacker to write arbitrary files.
The vulnerability of the ECShop e-commerce shopping center system lies in the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code by executing the admin/shophelp.php script with the id...
CVE-2021-28022
Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...
PT-2021-4912 · McAfee · McAfee Data Loss Prevention (DLP) ePO Extension
Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention ePO extension versions prior to 11.7.100. Description: The issue is related to a lack of protection against special elements used in SQL queries, allowing a remote attacker to execute arbitrary SQL code. This can be...
The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the index.php USERNAME parameter...
DEBIAN-CVE-2021-41800
MediaWiki before 1.36.2 allows a denial of service (resource consumption) because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
SAP Business One SQL Injection Vulnerability
SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One version 10.0 has a SQL injection vulnerability that stems from the lack of effective validation and escaping of SQL statements, which can be exploited by an attacker with business privileges...
PT-2021-6214 · Microsoft · Defender for IoT
Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT (affected versions not specified). Description: The issue is related to a lack of protection measures for the SQL query structure in Microsoft Defender for IoT, which can be exploited to execute arbitrary code. This ca...
Information disclosure
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained...
CVE-2021-33688
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained...
The vulnerability of the Moodle management system, related to the failure to protect SQL queries, allows attackers to execute arbitrary code.
The vulnerability of the Moodle management system is related to the failure to implement measures to protect SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted SQL queries remotely...
The vulnerability of the DataTables library, related to the lack of measures taken to protect the SQL query structure, allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the DataTables library is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability in app/admin/custom-fields/filter.php of phpipam, a web application for managing IP addresses, allows an attacker to execute arbitrary SQL queries.
The vulnerability in app/admin/custom-fields/filter.php of phpipam, a web application for managing IP addresses, relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
MGASA-2021-0177 Updated mongodb packages fix security vulnerability
A denial of service vulnerability was discovered in mongodb whereby a user authorized to perform database queries may issue specially crafted queries, which violate an invariant in the query subsystem's support for geoNear (CVE-2020-7923)...