Lucene search
+L

267 matches found

NVD
NVD
added 2019/05/16 1:29 a.m.26 views

CVE-2019-1824

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

8.1CVSS8.3AI score0.01901EPSS
Exploits1References2
NVD
NVD
added 2019/05/16 1:29 a.m.28 views

CVE-2019-1825

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

8.1CVSS8.3AI score0.01901EPSS
Exploits1References2
OSV
OSV
added 2019/05/16 1:29 a.m.6 views

CVE-2019-1824

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

8.1CVSS7.5AI score0.01901EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/05/16 1:10 a.m.30 views

CVE-2019-1824 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

8.1CVSS8.3AI score0.01901EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2019/05/16 1:10 a.m.15 views

CVE-2019-1824 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

8.1CVSS7.8AI score0.01901EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/05/16 1:10 a.m.34 views

CVE-2019-1825 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

8.1CVSS8.3AI score0.01901EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2019/05/16 1:10 a.m.15 views

CVE-2019-1825 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

8.1CVSS7.8AI score0.01901EPSS
Exploits1References2
Fedora
Fedora
added 2019/05/10 12:48 a.m.42 views

[SECURITY] Fedora 30 Update: rubygem-activerecord-5.2.3-1.fc30

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

9.8CVSS1.4AI score0.98507EPSS
Exploits30
Hacker One
Hacker One
added 2019/04/27 3:23 p.m.112 views

Starbucks: Blind SQL Injection on starbucks.com.gt and WAF Bypass :*

Starting with a blind SQL Injection on http://www.starbucks.com.gt/menu/beverage/detail, @d3417 was able to dump schema on several database tables. Initially closed as N/A because of our exclusion on automated tools, reopened to investigate the data reported in the tables, and because the casual...

0.8AI score
Exploits0
Prion
Prion
added 2019/04/10 9:29 p.m.23 views

Information disclosure

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration Messaging System, fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure...

4CVSS4.3AI score0.00716EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/04/10 8:13 p.m.24 views

CVE-2019-0278

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration Messaging System, fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure...

4.3AI score0.00716EPSS
Exploits0References2
Hacker One
Hacker One
added 2019/03/09 2:1 p.m.13 views

50m-ctf: `Cody trolled us all` h1-702 CTF write-up

Premise I use not to play CTF challenges because they usually absorb me entirely. I cannot think of anything else but "I want that flag!". That said, this is going to be a long story: no princess, no dragoons, only a tweet. https://twitter.com/Hacker0x01/status/1100543680383832065 Level 0 - Nothi...

7.2AI score
Exploits0
Prion
Prion
added 2018/12/11 5:29 p.m.15 views

Sql injection

A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that...

5CVSS7.8AI score0.01433EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/12/11 5:0 p.m.18 views

CVE-2018-20061

A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that...

7.9AI score0.01433EPSS
Exploits0References1
OSV
OSV
added 2018/08/01 6:29 p.m.23 views

PYSEC-2018-98

A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL at least it is possible to perform updates/inserts/deletes and database...

9.1CVSS3.7AI score0.02336EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:35 p.m.24 views

Security Bulletin: Tivoli Storage Manager (IBM Spectrum Protect) SQL interface vulnerable to unauthorized access (CVE-2016-8940)

Summary Tivoli Storage Manager IBM Spectrum Protect SQL interface is vulnerable to unauthorized access to user credentials and product sensitive information. Vulnerability Details CVEID: CVE-2016-8940 DESCRIPTION: IBM Tivoli Storage Manager IBM Spectrum Protect does not perform sufficient authori...

8.8CVSS0.6AI score0.00943EPSS
Exploits0Affected Software2
CNVD
CNVD
added 2018/05/10 12:0 a.m.3 views

Cisco Unified Communications Manager Information Disclosure Vulnerability (CNVD-2018-11149)

Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure...

6.5CVSS5.9AI score0.00364EPSS
Exploits0References1
NVD
NVD
added 2018/04/19 8:29 p.m.21 views

CVE-2018-0266

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...

4.3CVSS4.5AI score0.01756EPSS
Exploits0References3
NVD
NVD
added 2018/04/19 8:29 p.m.24 views

CVE-2018-0267

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web...

6.5CVSS6.2AI score0.00364EPSS
Exploits0References3
Prion
Prion
added 2018/04/19 8:29 p.m.19 views

Design/Logic Flaw

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...

4CVSS4.5AI score0.01756EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder