SQL injection
HGiga EIP product contains a SQL Injection vulnerability. Attackers can inject SQL commands into a specific URL parameter (online registration) to obtain database schema and data...
CVE-2021-22852 HGiga OAKloud Portal - SQL injection -2
HGiga EIP product contains a SQL Injection vulnerability. Attackers can inject SQL commands into a specific URL parameter (online registration) to obtain database schema and data...
CVE-2021-22852
HGiga EIP product contains a SQL Injection vulnerability disclosed in CVE-2021-22852. The vulnerability affects the product’s online registration URL parameter, allowing attackers to inject SQL commands to access database schema and data. The provided documents confirm the affected component (HGi...
CVE-2021-22851 HGiga OAKloud Portal - SQL injection -1
HGiga EIP product contains a SQL Injection vulnerability. Attackers can inject SQL commands into a specific URL parameter (document management page) to obtain database schema and data...
HGiga EIP SQL Injection Vulnerability
A SQL injection vulnerability exists in the HGiga EIP product, which can be exploited by an attacker to obtain database schema and data by injecting SQL commands into specific URL parameters (online registration)...
HGiga EIP SQL Injection Vulnerability
A SQL injection vulnerability exists in the HGiga EIP product, which can be exploited by an attacker to inject SQL commands into specific URL parameters (document management pages) to obtain database schema and data...
Information Disclosure
datasette-graphql is vulnerable to information disclosure. The vulnerability exists as it does not perform permission checks, allowing private database schema to be revealed...
LY Corporation: Debugging panel exposure
Vulnerability description not provided...
Zoho ManageEngine DataSecurity Plus Directory Traversal (CVE-2020-11531)
A directory traversal vulnerability exists in Zoho ManageEngine DataSecurity Plus. The vulnerability is due to lack of validation of the database schema name when handling a DR-SCHEMA-SYNC request in DataEngine Xnode Server application...
ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from a path traversal vulnerability that can lead to remote code execution...
CVE-2020-11531
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...
Directory traversal
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...
ALLE INFORMATION School Manage System SQL Injection Vulnerability
ALLE INFORMATION School Management System is a school management system from ALLE INFORMATION in Taiwan, China. A SQL injection vulnerability exists in versions of ALLE INFORMATION School Manage System prior to 2020. The vulnerability can be exploited to obtain the database schema and...
CVE-2020-10505
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a SQL Injection vulnerability. An attacker can use a union-based injection query string to get the database schema and username/password...
SUSE-SU-2020:0670-1 Recommended update for SUSE Manager Server 3.2
This update fixes the following issues: spacewalk-setup: - Create AJP connector for tomcat if it does not exist bsc1165927, bsc1166388 How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either...
Unspecified Vulnerability in Pegasystem PEGA Platform
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM (Business Process Management), Case Management, Real Time Decision Making and CRM (Customer Relationship Management). A security vulnerability exists in...
CVE-2019-16386
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=randomharnessid request to get database schema information while using a low-privilege account. NOTE: The vendor states that this...
Information disclosure
DISPUTED PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=randomharnessid request to get database schema information while using a low-privilege account. NOTE: The vendor states that this...