74 matches found
SUSE CVE-2015-4735
Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1, and EM DB Control 11.2.0.3 and 11.2.0.4, allows remote attackers to affect confidentiality via vectors related to RAC Management...
CVE-2022-36962
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands...
SolarWinds Platform Command Injection Vulnerability
SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. SolarWinds Platform suffers from a command injection vulnerability that stems from susceptibility to command injection and allows a remote attacker to take full control of...
phpMyFAQ < 3.2.0 XSS Vulnerability
phpMyFAQ is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"...
CVE-2022-38130
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify a UNC path for the database file i.e., \\sms,...
PT-2022-24224
Name of the Vulnerable Software and Affected Versions: No specific software version is mentioned, so the affected software is: Keysight SMS (affected versions not specified). Description: The issue concerns the com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method, which is used to...
Kentico SQL Injection Vulnerability (CNVD-2021-22156)
Kentico is an all-in-one ASP.NET CMS that fully integrates Web content management, e-commerce, online marketing and intranet into one platform. A SQL injection vulnerability exists in the Blog module in Kentico 5.5 R2 build 5.5.3996. The vulnerability can be exploited by an attacker via the tagna...
Kentico SQL Injection Vulnerability
Kentico is an all-in-one ASP.NET CMS that fully integrates Web content management, e-commerce, online marketing and intranet into one platform. A SQL injection vulnerability exists in the Blog module in Kentico 5.5 R2 build 5.5.3996. The vulnerability can be exploited by an attacker via the tagna...
CVE-2021-21312 Stored XSS on documents
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function Home > Management > Documents > Add, or /front/document.form.php...
Online Bus Booking System Project Using PHP MySQL 1.0 SQL Injection
For CVE-2020-25889: Exploit Title: online bus booking system project using PHP MySQL - SQL Injection Exploit Author: Krishna Yadav Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html Version:...
Sql injection
IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839...
Critical SAP ASE Flaws Allow Complete Control of Databases
Researchers are urging users to apply patches for several critical vulnerabilities in SAP’s Adaptive Server Enterprise (ASE). If exploited, the most severe flaws could give unprivileged users complete control of databases and – in some cases – even underlying operating systems. ASE previously known...
The vulnerability of the Data Store component of the Oracle Berkeley DB database management system allows a hacker to gain full control over the DBMS.
The vulnerability of the Data Store component of the Oracle Berkeley DB database management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the DBMS...
CVE-2019-6548
GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user...
Hardcoded credentials
GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user...
U.S. Dept Of Defense: SQL Injection in ████
Summary: There is an SQL injection vulnerability in ████████ in the /█████/recruiter/updapp.aspx page, exploitable through the appid form parameter. Impact: An attacker could use this vulnerability to control the content in the database, exfiltrate information, and obtain remote code execution...
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to gain full control over the DBMS.
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server is related to insufficient access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the DBMS using Oracle Net...
U.S. Dept Of Defense: SQL Injection in ████
Summary: There is an SQL injection vulnerability in the SSN field at https://██████████/████/candidateapp/statusscholarship.aspx Impact: An attacker could use this vulnerability to control the content in the database, exfiltrate information, and potentially obtain remote code execution. Step-by-st...