
74 matches found

SUSE CVE
added 2023/02/15 5:17 a.m., 5 views

SUSE CVE-2015-4735

Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1, and EM DB Control 11.2.0.3 and 11.2.0.4, allows remote attackers to affect confidentiality via vectors related to RAC Management...

CVSS 5 | AI score 6.3 | EPSS 0.02788
Exploits 0 | References 4
OSV
added 2022/11/29 9:15 p.m., 4 views

CVE-2022-36962

SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands...

CVSS 7.2 | AI score 6 | EPSS 0.0901
Exploits 0 | References 2
CNNVD
added 2022/11/29 12:0 a.m., 3 views

SolarWinds Platform Command Injection Vulnerability

SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. SolarWinds Platform suffers from a command injection vulnerability that stems from susceptibility to command injection and allows a remote attacker to take full control of...

CVSS 7.2 | AI score 7.5 | EPSS 0.0901
Exploits 0 | References 4
OpenVAS
added 2022/11/03 12:0 a.m., 12 views

phpMyFAQ < 3.2.0 XSS Vulnerability

phpMyFAQ is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:phpmyfaq:phpmyfaq"...

CVSS 8.4 | AI score 6.8 | EPSS 0.00918
Exploits 1 | References 1
Cvelist
added 2022/08/10 4:5 p.m., 26 views

CVE-2022-38130

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...

AI score 9.7 | EPSS 0.53389
Exploits 0 | References 1
Positive Technologies
added 2022/08/10 12:0 a.m., 5 views

PT-2022-24224

Name of the Vulnerable Software and Affected Versions: No specific software version is mentioned, so the affected software is: Keysight SMS (affected versions not specified). Description: The issue concerns the com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method, which is used to...

CVSS 9.8 | AI score 9.1 | EPSS 0.53389
Exploits 0 | References 4
CNVD
added 2021/03/08 12:0 a.m., 7 views

Kentico SQL Injection Vulnerability (CNVD-2021-22156)

Kentico is an all-in-one ASP.NET CMS that fully integrates Web content management, e-commerce, online marketing and intranet into one platform. A SQL injection vulnerability exists in the Blog module in Kentico 5.5 R2 build 5.5.3996. The vulnerability can be exploited by an attacker via the tagna...

CVSS 9.8 | AI score 7.7 | EPSS 0.01632
Exploits 0 | References 1
CNNVD
added 2021/03/05 12:0 a.m., 4 views

Kentico SQL Injection Vulnerability

Kentico is an all-in-one ASP.NET CMS that fully integrates Web content management, e-commerce, online marketing and intranet into one platform. A SQL injection vulnerability exists in the Blog module in Kentico 5.5 R2 build 5.5.3996. The vulnerability can be exploited by an attacker via the tagna...

CVSS 9.8 | AI score 5.9 | EPSS 0.01632
Exploits 0 | References 4
Cvelist
added 2021/03/03 7:25 p.m., 19 views

CVE-2021-21312 Stored XSS on documents

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

CVSS 5.4 | AI score 5.7 | EPSS 0.00592
Exploits 0 | References 2
Packet Storm
added 2020/12/08 12:0 a.m., 308 views

Online Bus Booking System Project Using PHP MySQL 1.0 SQL Injection

For CVE-2020-25889: Exploit Title: online bus booking system project using PHP MySQL - SQL Injection; Exploit Author: Krishna Yadav; Vendor Homepage: https://www.sourcecodester.com; Software Link: https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html; Version:...

AI score 9.7 | EPSS 0.02726
Exploits 2
Prion
added 2020/08/03 1:15 p.m., 14 views

SQL injection

IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839...

CVSS 6.5 | AI score 6.5 | EPSS 0.01172
Exploits 0 | References 2 | Affected Software 1
ThreatPost
added 2020/06/03 4:51 p.m., 174 views

Critical SAP ASE Flaws Allow Complete Control of Databases

Researchers are urging users to apply patches for several critical vulnerabilities in SAP’s Adaptive Server Enterprise (ASE). If exploited, the most severe flaws could give unprivileged users complete control of databases and – in some cases – even underlying operating systems. ASE previously known...

CVSS 6.5 | AI score 9.8 | EPSS 0.26869
Exploits 1 | References 12
BDU FSTEC
added 2019/08/06 12:0 a.m., 4 views

The vulnerability of the Data Store component of the Oracle Berkeley DB database management system allows a hacker to gain full control over the DBMS.

The vulnerability of the Data Store component of the Oracle Berkeley DB database management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the DBMS...

CVSS 7 | AI score 7.8 | EPSS 0.00453
Exploits 0 | References 4 | Affected Software 1
OSV
added 2019/05/09 3:29 p.m., 4 views

CVE-2019-6548

GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 1
NVD
added 2019/05/09 3:29 p.m., 18 views

CVE-2019-6548

GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user...

CVSS 9.8 | AI score 9.5 | EPSS 0.01277
Exploits 0 | References 1
Prion
added 2019/05/09 3:29 p.m., 18 views

Hardcoded credentials

GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user...

CVSS 6.8 | AI score 9.3 | EPSS 0.01277
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2019/05/09 2:28 p.m., 17 views

CVE-2019-6548

GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user...

AI score 9.4 | EPSS 0.01277
Exploits 0 | References 1
Hacker One
added 2019/04/01 6:15 p.m., 73 views

U.S. Dept Of Defense: SQL Injection in ████

Summary: There is an SQL injection vulnerability in ████████ in the /█████/recruiter/updapp.aspx page, exploitable through the appid form parameter. Impact: An attacker could use this vulnerability to control the content in the database, exfiltrate information, and obtain remote code execution...

AI score 0.1
Exploits 0
BDU FSTEC
added 2019/01/30 12:0 a.m., 5 views

The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to gain full control over the DBMS.

The vulnerability of the Core RDBMS component of the database management system Oracle Database Server is related to insufficient access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the DBMS using Oracle Net...

CVSS 8.3 | AI score 7.1 | EPSS 0.01733
Exploits 0 | References 3 | Affected Software 1
Hacker One
added 2018/10/04 2:39 p.m., 22 views

U.S. Dept Of Defense: SQL Injection in ████

Summary: There is an SQL injection vulnerability in the SSN field at https://██████████/████/candidateapp/statusscholarship.aspx. Impact: An attacker could use this vulnerability to control the content in the database, exfiltrate information, and potentially obtain remote code execution. Step-by-st...

AI score 0.3
Exploits 0